PHPBuilder - Manually Expiring Web Pages Page 2



RSS Twitter
Articles Html

Manually Expiring Web Pages - Page 2

by: Joe Clark
|
July 2, 2003

CACHE-CONTROL AND CONDITIONAL CHECK

In the following code snippet, we will auto-detect if the session is still in use.
createaccount.php:

<?php
session_start
();
header("Cache-control: must-revalidate");

if (
$_SESSION["alive"] != "1") {
// User is attempting to go back after the session was destroyed
Header("Location:/php/error100.php");
}
?>
The "Cache-control" directive above is very important. Using "must-revalidate" tells the browser that it has to fetch the page from the server again instead of loading if from its cache. Because it reloads the page from the server, it will re-check the $_SESSION["alive"] variable to see if its value is "1". If so, the page can load properly. If not, then we'll redirect the user to another page that contains a custom error message. Placing this script at the beginning of every page in the registration series will catch every "Back" button press by the user. It's not enough to place it on the last page in the registration series as a user could press the "Back" button more than one time. I have this snippet in createaccount.php, createaccount1.php, createaccount2.php and createaccount3.php.

MANUALLY EXPIRE THE SESSION

The last thing to do is manually "expire" the session, or at least a portion of it. In my case, I wanted the session to stay alive, so I could not use session_unset() or session_destroy(). However, I didn't want the user to go back to the previous pages and change things. Remember that $_SESSION["alive"]variable? After the final submit, all we have to do is get rid of it. There are two ways to do this:
createaccount4.php (the page after the final submit):

<?php
session_start
();
$_SESSION["alive"] = "0";
?>
or

<?php
session_start
();
session_unregister('alive');
?>
Either way will accomplish the same thing. Now, when the "Back" button is pressed, the user won't return the the previous page and be able to change data and resubmit. Instead, they will be redirected to error100.php (or whatever page you choose) and will get a custom error message.
So, the next time you want to stop the user from going back to change data previously entered, and if you want manual control over it, use this method. Just remember that the entry script sets the session variable to the "alive" state, and the exit script (right after your final submit during the process) sets the session variable to a "not alive" state. The "Cache-control: must-revalidate" forces the browser to reload the page from the server, and the "alive" check is performed. Redirection to a custom page occurs when the session variable is not "alive".

« Previous Page
1
|
2

Comment and Contribute

Your comment has been submitted and is pending approval.

Author:
Joe Clark

Comment:



Comment:

(Maximum characters: 1200). You have characters left.