Re: Re: [PHPLIB] Caching and the browser back button
From: Brad Saxton (brad <email protected>)
Date: 04/17/00

Maybe I'm missing something (and it wouldn't be the first time) but this
discussion seems to revolve around getting around the "Missing Post Data"
problem. I was hoping to see a solution to the following question: Given
the caching of POST data, how can we ever implement a real "Log Out"
function? For instance, I have a protected page using standard session and
auth objects. On first access to this page, I am sent to the login page.
After logging in, you get to see the protected page. Great.....now on this
page I have a link to a page which contains the following PHP:

        <?php
        require("myinclude.inc");
        adm_page_open();

        $auth->unauth(); // I have used various permutations of these
        page_close(); // three statements
        $sess->delete(); //

        Header("Location: index.phtml");
        ?>

Clicking on the link to the above page sends you back to the original
protected page, which, now that you are not authorized, presents the
"Login" page. Super....that's exactly what you expect. Now the
problem...hit the back button once, you see the "cached" protected page,
hit reload and shazaam, you get to see the page and PHPLIB has
reauthorized you. The auth_sessions table is updated with the correct
information in the auth record and a new session record points to it. This
is not what you want. Logout should mean just that....no possibility of
viewing uncached protected pages. I understand and accept that the browser
will cache the pages, but I should not be able to hit reload and get right
back in again. I have been to other sites (for instance Yahoo) where
Logout is effective so I know there is a solution.

Any thoughts on a solution (or maybe I'm out to lunch), or is this just
another situation where I have to "suck it up" and live with it?

Cheers
Brad Saxton brad <email protected>
Unix System Support Phone: (905)688-5550 x4321
Information Technology Services, F301
Brock University
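
The reload-after-logout behaviour described in the message above matches a browser re-sending the cached login POST, which still carries valid credentials. As an added example (not part of the original post and not PHPLIB code), the code below contrasts a login check that accepts that replay with one that requires a single-use form nonce; the function names, the in-memory stores and the sample credentials are all assumptions.

```php
<?php
// Added illustration, not PHPLIB code; all names and values are constructed.
$users  = ['brad' => password_hash('example-pass', PASSWORD_DEFAULT)];
$nonces = [];  // server-side store: nonce => expiry time

// Called when the login form is rendered; the value goes in a hidden field.
function issue_login_nonce(array &$nonces, int $ttl = 300): string {
    $nonce = bin2hex(random_bytes(16));
    $nonces[$nonce] = time() + $ttl;
    return $nonce;
}

// Weak: valid credentials are enough, so a re-sent POST logs in again.
function login_replayable(array $users, array $post): bool {
    $user = $post['user'] ?? '';
    $pass = $post['pass'] ?? '';
    return is_string($user) && is_string($pass)
        && isset($users[$user]) && password_verify($pass, $users[$user]);
}

// Hardened: the POST must also carry an unused, unexpired nonce.
function login_once(array $users, array &$nonces, array $post): bool {
    $nonce = $post['nonce'] ?? '';
    if (!is_string($nonce) || !isset($nonces[$nonce])) {
        return false;               // unknown or already consumed
    }
    $expiry = $nonces[$nonce];
    unset($nonces[$nonce]);         // single use, even if the login then fails
    return $expiry >= time() && login_replayable($users, $post);
}

// Constructed sequence: form rendered, login POST, logout, then "reload".
$post = ['user' => 'brad', 'pass' => 'example-pass',
         'nonce' => issue_login_nonce($nonces)];

$first    = login_once($users, $nonces, $post);   // original submission
$replayed = login_once($users, $nonces, $post);   // browser re-sends the same POST
$weak     = login_replayable($users, $post);      // no nonce check at all

var_dump($first, $replayed, $weak);
```

In a real deployment the nonce store would be a server-side table or the pre-login session rather than a PHP array.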

-
PHP3 Base Library Mailing List. Send messages to <phplib <email protected>>.