
Cannot prevent return to "secure" page using browser back button


lanrat


Hi,

 

I am using "Login - Redirect v1.3" public_domain script published at mpdolan.com

 

Problem:

After "logout" and redirection to the "default URL" the domain name - when I click on the browser's (IE) back button I am able to (re)access the "secure/private" page I just exited. Only once I click the browser's "Refresh" button *after* returning to the private page am I denied access.

 

On my local development "server" (xampp on a Win XP machine) this "caching" does *not* occur - access is denied immediately upon using the back button.

 

phpinfo verifies that my php.ini environment is the same as the hosting server other than (host vers = 5.0.4 & my_local ver = 5.2.3)

 

I have tried every combo of PHP "header", "session_cache_limiter()" and "session_destroy()" in my pages - *all* of which work fine locally but *none* of which work on the hosting server - HELP please!!!!

 

I am using a sub-domain of a site with a functional oscommerce shopping cart to test this "secure" site for later implementation.

 

I obviously do *not* want to change any default settings for the entire domain since the database is common to the oscommerce cart that is "live"!

 

Thanks for any help.


Your host may not allow destroying sessions, I've never heard of a host doing this, but then again I've always been more of a root type of guy.  Have you tried manually resetting the $_SESSION values on log out?  Like...

 

$_SESSION['username'] = '';
unset($_SESSION['username']);

 

Perhaps if you post the code that builds the session and the code that handles authentication the folks on here can better assist you  :-\


Appreciate the response - will try this as soon as I get the chance (got a busy day today  :P ) and post the result and the code you suggest later

 

Thanks again.
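
The behaviour described in this thread, a protected page reappearing from the browser's cache after logout, is usually addressed on two sides: the protected page tells the browser not to store it, and logout clears the session completely. The following PHP example is added here and is not part of the original thread or of the Login - Redirect script; the function names and the `/login.php` path are hypothetical, and the syntax assumes a current PHP release.

```php
<?php
// Added example, not code from the thread. Function names and '/login.php'
// are hypothetical; 'username' is the session key used in the reply above.

// Tell the browser and any proxy not to keep a copy of this response, so the
// Back button must ask the server again instead of showing a stored page.
function send_no_store_headers(): void
{
    header('Cache-Control: no-store, no-cache, must-revalidate, max-age=0');
    header('Pragma: no-cache');                        // HTTP/1.0 clients and proxies
    header('Expires: Thu, 01 Jan 1970 00:00:00 GMT');  // already expired
}

// Call at the very top of every protected page, before any output is sent.
function require_login(): void
{
    session_cache_limiter('');   // stop PHP emitting its own cache headers
    session_start();
    send_no_store_headers();
    if (empty($_SESSION['username'])) {
        header('Location: /login.php', true, 303);
        exit;
    }
}

// Call from the logout handler, before any output is sent.
function logout(string $redirectTo): void
{
    session_cache_limiter('');
    session_start();
    $_SESSION = [];                                    // drop all server-side values
    if (ini_get('session.use_cookies')) {
        // Expire the session cookie using the same parameters it was set with.
        $p = session_get_cookie_params();
        setcookie(session_name(), '', time() - 42000,
            $p['path'], $p['domain'], $p['secure'], $p['httponly']);
    }
    session_destroy();                                 // delete the stored session data
    send_no_store_headers();
    header('Location: ' . $redirectTo, true, 303);
    exit;
}
```

Checking the response headers of the protected page on both the local and the hosted server (for example in the browser's developer tools) shows whether the `Cache-Control` header actually reaches the client or is being altered along the way.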
