
Clearing cache and redirection


caedo


Hello,

 

My system allows users to log in to the system and to log out from it; the issue arises when I want to log out.

I want that when I click the logout button, it clears the session, redirects me to the login page and doesn't allow me to go back to the previous page with the "Back" button, all of this due to security reasons.

 

 

Thanks in advance

 

Caedo


Okay, we're not going to do it for you, but we'll help you do it.  Understand the difference?  If you want someone to do it for you, go to the Freelance board and be prepared to pay someone.  If you post some code here though, we can help.


Sorry if you misunderstood me, I'm only seeking help.

I'm using CakePHP, MySQL and Apache; also, I'm a newbie using PHP, this is my first project using it.

OK, my first thought about how to resolve this problem was a pretty simple solution: I was planning to call $this->Session->destroy(); and redirect to the login page when the user clicks the Logout link.

Then if someone was planning to go back using the "Back" button I would have in the beforeRender(); method an IF structure that checks if the Session is valid or not. The problem is that the senior programmer wants to have some kind of page expiration that doesn't let the user go back, and that is where my question arises: how do I use page expiration in a PHP system? Or HTML?

I have searched and found these meta tags, but they didn't work:

<meta http-equiv="Expires" content="Mon, 26 Jul 1997 05:00:00 GMT"/>
<meta http-equiv="Pragma" content="no-cache" />

Here is the PHP code I was talking about:

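function logout(){
    $this->Session->destroy();
    $this->redirect('login');
}

function beforeRender(){
    // Send visitors without a session to the login page. The login action
    // itself is skipped so that it does not redirect to itself.
    if ($this->action != 'login' && !$this->Session->check('id')) {
        $this->redirect('login');
    }
}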

Thanks in advance.

 

Caedo
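The flow asked about above, as an added example that is not part of the original thread or the poster's code: a framework-free, single-file PHP page that sends the no-cache directives as HTTP response headers instead of `<meta>` tags and checks the session before any protected action runs, so that a Back press after logout goes to the server and meets that check. The `?a=` parameter, the action names and the hard-coded employee id are assumptions made for the demo.

```php
<?php
// Added example, not the poster's code. Save as index.php, run
// `php -S 127.0.0.1:8000`, log in, log out, then press Back.
session_start();

// Sent as HTTP response headers rather than <meta> tags.
function send_no_store() {
    header('Cache-Control: no-store, no-cache, must-revalidate, max-age=0');
    header('Pragma: no-cache');                        // HTTP/1.0 caches
    header('Expires: Mon, 26 Jul 1997 05:00:00 GMT');  // date in the past
}

function redirect_to($action) {
    header('Location: ?a=' . urlencode($action), true, 302);
    exit;
}

function end_session() {
    $_SESSION = array();                     // clear the data in this request
    if (ini_get('session.use_cookies')) {    // expire the browser's session cookie
        $p = session_get_cookie_params();
        setcookie(session_name(), '', time() - 42000,
            $p['path'], $p['domain'], $p['secure'], $p['httponly']);
    }
    session_destroy();                       // delete the server-side record
}

$action = isset($_GET['a']) ? $_GET['a'] : 'welcome';
$method = isset($_SERVER['REQUEST_METHOD']) ? $_SERVER['REQUEST_METHOD'] : 'GET';
send_no_store();                             // every response, redirects included

if ($action === 'login') {
    if ($method === 'POST') {
        session_regenerate_id(true);         // fresh session id at login
        $_SESSION['id'] = 7;                 // constructed: credential check omitted
        redirect_to('welcome');
    }
    echo '<form method="post" action="?a=login"><button>Log in</button></form>';
    exit;
}
if ($action === 'logout') {
    end_session();
    redirect_to('login');
}
// Every other action needs a session, checked before the action does any work.
if (!isset($_SESSION['id'])) {
    redirect_to('login');
}
echo 'Welcome, employee ' . (int) $_SESSION['id'] . '. <a href="?a=logout">Log out</a>';
```

In a CakePHP controller the equivalent session check belongs in beforeFilter(), which runs before the action, rather than beforeRender(), which runs after it.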


I have a doubt about the $_SESSION: is $_SESSION = $this->Session?

So, it's the same putting either of the two?

 

 

Thanks for replying

 

Caedo.

 

 

This is the whole class:

 

<?php

class EmployeesController extends AppController {

    var $name = 'Employees';
    var $helpers = array('Html', 'Javascript', 'Form');
    var $components = array('Session');

    function index() {
    }

    function login() {
        if (!empty($this->params['form'])) {
            // Look up one row that matches both the e-mail and the password.
            // Checking findByPassword() and findByEmail() separately accepts
            // one employee's e-mail together with another employee's password.
            // Note: the posted password is compared with the stored column as is.
            $employee = $this->Employee->find(
                array('email' => $_POST['email'], 'password' => $_POST['password']),
                null, 'id ASC', 0
            );

            if ($employee) {
                $this->Session->write('id', $employee['Employee']['id']);
                $this->Session->write('name', $employee['Employee']['name']);
                $this->Session->write('last_name', $employee['Employee']['last_name']);
                $this->Session->write('staff_member', $employee['Employee']['staff_member']);

                // No echo or var_dump() here: output sent before redirect()
                // can stop the Location header from being sent.
                $this->redirect('welcome');
            } else {
                // The error belongs to a failed lookup, not to an empty form.
                $this->set('error', 'Incorrect data entered.');
            }
        }
    }

    function welcome() {
        var_dump($this->Session->read()); // debug output only
        $this->set('staff_member', $this->Session->read('staff_member'));
        $this->set('name', $this->Session->read('name'));
        $this->set('last_name', $this->Session->read('last_name'));
        //echo $this->Session->read('id');
    }

    function logout() {
        $this->Session->destroy();
        $this->redirect('login');
    }

    function beforeRender() {
        // Send visitors without a session to the login page. The login action
        // itself is skipped so that it does not redirect to itself.
        if ($this->action != 'login' && !$this->Session->check('id')) {
            $this->redirect('login');
        }
    }
}

?>


Right now I'm using the Session component that comes with CakePHP, so the only source code I have of it is the one that comes with the framework; here is the code:

 

<?php
/* SVN FILE: $Id: session.php 6311 2008-01-02 06:33:52Z phpnut $ */
/**
 * Short description for file.
 *
 * Long description for file
 *
 * PHP versions 4 and 5
 *
 * CakePHP :  Rapid Development Framework <http://www.cakephp.org/>
 * Copyright 2005-2008, Cake Software Foundation, Inc.
 * 1785 E. Sahara Avenue, Suite 490-204
 * Las Vegas, Nevada 89104
 *
 * Licensed under The MIT License
 * Redistributions of files must retain the above copyright notice.
 *
 * @filesource
 * @copyright Copyright 2005-2008, Cake Software Foundation, Inc.
 * @link http://www.cakefoundation.org/projects/info/cakephp CakePHP Project
 * @package cake
 * @subpackage cake.cake.libs.controller.components
 * @since CakePHP v 0.10.0.1232
 * @version $Revision: 6311 $
 * @modifiedby $LastChangedBy: phpnut $
 * @lastmodified $Date: 2008-01-02 00:33:52 -0600 (Wed, 02 Jan 2008) $
 * @license http://www.opensource.org/licenses/mit-license.php The MIT License
 */
uses('session');
/**
 * Session Component.
 *
 * Session handling from the controller.
 *
 * @package cake
 * @subpackage cake.cake.libs.controller.components
 *
 */
class SessionComponent extends CakeSession {
    /**
     * Used to determine if methods implementation is used, or bypassed
     *
     * @var boolean
     * @access private
     */
    var $__active = true;
    /**
     * Used to determine if Session has been started
     *
     * @var boolean
     * @access private
     */
    var $__started = false;
    /**
     * Used to determine if request are from an Ajax request
     *
     * @var boolean
     * @access private
     */
    var $__bare = 0;
    /**
     * Class constructor
     *
     * @param string $base The base path for the Session
     */
    function __construct($base = null) {
        if (Configure::read('Session.start') === true) {
            parent::__construct($base);
        } else {
            $this->__active = false;
        }
    }
    /**
     * Initializes the component, gets a reference to Controller::$param['bare'].
     *
     * @param object $controller A reference to the controller
     * @access public
     */
    function initialize(&$controller) {
        if (isset($controller->params['bare'])) {
            $this->__bare = $controller->params['bare'];
        }
    }
    /**
     * Startup method.
     *
     * @param object $controller Instantiating controller
     * @access public
     */
    function startup(&$controller) {
        if ($this->__started === false) {
            $this->__start();
        }
    }
    /**
     * Starts Session on if 'Session.start' is set to false in core.php
     *
     * @param string $base The base path for the Session
     * @access public
     */
    function activate($base = null) {
        if ($this->__active === true) {
            return;
        }
        parent::__construct($base);
        $this->__active = true;
    }
    /**
     * Used to write a value to a session key.
     *
     * In your controller: $this->Session->write('Controller.sessKey', 'session value');
     *
     * @param string $name The name of the key your are setting in the session.
     * This should be in a Controller.key format for better organizing
     * @param string $value The value you want to store in a session.
     * @access public
     */
    function write($name, $value = null) {
        if ($this->__active === true) {
            $this->__start();
            if (is_array($name)) {
                foreach ($name as $key => $value) {
                    if (parent::write($key, $value) === false) {
                        return false;
                    }
                }
                return true;
            }
            if (parent::write($name, $value) === false) {
                return false;
            }
            return true;
        }
        return false;
    }
    /**
     * Used to read a session values for a key or return values for all keys.
     *
     * In your controller: $this->Session->read('Controller.sessKey');
     * Calling the method without a param will return all session vars
     *
     * @param string $name the name of the session key you want to read
     * @return mixed value from the session vars
     * @access public
     */
    function read($name = null) {
        if ($this->__active === true) {
            $this->__start();
            return parent::read($name);
        }
        return false;
    }
    /**
     * Used to delete a session variable.
     *
     * In your controller: $this->Session->del('Controller.sessKey');
     *
     * @param string $name the name of the session key you want to delete
     * @return boolean true is session variable is set and can be deleted, false is variable was not set.
     * @access public
     */
    function del($name) {
        if ($this->__active === true) {
            $this->__start();
            return parent::del($name);
        }
        return false;
    }
    /**
     * Wrapper for SessionComponent::del();
     *
     * In your controller: $this->Session->delete('Controller.sessKey');
     *
     * @param string $name the name of the session key you want to delete
     * @return boolean true is session variable is set and can be deleted, false is variable was not set.
     * @access public
     */
    function delete($name) {
        if ($this->__active === true) {
            $this->__start();
            return $this->del($name);
        }
        return false;
    }
    /**
     * Used to check if a session variable is set
     *
     * In your controller: $this->Session->check('Controller.sessKey');
     *
     * @param string $name the name of the session key you want to check
     * @return boolean true is session variable is set, false if not
     * @access public
     */
    function check($name) {
        if ($this->__active === true) {
            $this->__start();
            return parent::check($name);
        }
        return false;
    }
    /**
     * Used to determine the last error in a session.
     *
     * In your controller: $this->Session->error();
     *
     * @return string Last session error
     * @access public
     */
    function error() {
        if ($this->__active === true) {
            $this->__start();
            return parent::error();
        }
        return false;
    }
    /**
     * Used to set a session variable that can be used to output messages in the view.
     *
     * In your controller: $this->Session->setFlash('This has been saved');
     *
     * Additional params below can be passed to customize the output, or the Message.[key]
     *
     * @param string $message Message to be flashed
     * @param string $layout Layout to wrap flash message in
     * @param array $params Parameters to be sent to layout as view variables
     * @param string $key Message key, default is 'flash'
     * @access public
     */
    function setFlash($message, $layout = 'default', $params = array(), $key = 'flash') {
        if ($this->__active === true) {
            $this->__start();
            $this->write('Message.' . $key, compact('message', 'layout', 'params'));
        }
    }
    /**
     * Used to renew a session id
     *
     * In your controller: $this->Session->renew();
     *
     * @access public
     */
    function renew() {
        if ($this->__active === true) {
            $this->__start();
            parent::renew();
        }
    }
    /**
     * Used to check for a valid session.
     *
     * In your controller: $this->Session->valid();
     *
     * @return boolean true is session is valid, false is session is invalid
     * @access public
     */
    function valid() {
        if ($this->__active === true) {
            $this->__start();
            return parent::valid();
        }
        return false;
    }
    /**
     * Used to destroy sessions
     *
     * In your controller: $this->Session->destroy();
     *
     * @access public
     */
    function destroy() {
        if ($this->__active === true) {
            $this->__start();
            parent::destroy();
        }
    }
    /**
     * Returns Session id
     *
     * If $id is passed in a beforeFilter, the Session will be started
     * with the specified id
     *
     * @param $id string
     * @return string
     * @access public
     */
    function id($id = null) {
        return parent::id($id);
    }
    /**
     * Starts Session if SessionComponent is used in Controller::beforeFilter(),
     * or is called from
     *
     * @access private
     */
    function __start(){
        if ($this->__started === false) {
            if ($this->__bare === 0) {
                if (!$this->id() && parent::start()) {
                    $this->__started = true;
                    parent::_checkValid();
                } else {
                    $this->__started = parent::start();
                }
            }
        }
        return $this->__started;
    }
}
?>
