When using sessions, which you might want to do, PHP automatically sends
header's that tell the user's browser not to bookmark the page.
The reason they can click the back button and see the page is because their
browser is caching the page. If they press the Refresh key they won't be
able to see the page, as long as you check for their cookie on that page
anyway.
So it's not fool proof (nothing is), but use header to send the Pragma:
No-cache setting.
Note: You can't _force_ the browser not to cache the page. You can only
_request_ that it not be cached.
--
Plutarck
Should be working on something...
...but forgot what it was.
""Marcelo Pereira"" <[EMAIL PROTECTED]> wrote in message
006701c0c742$4b843b60$0b01a8c0@hmmg">news:006701c0c742$4b843b60$0b01a8c0@hmmg...
> Hi All,
>
> I'm in trouble to authenticate each user (using a database).
> When the user sucesfully login on your area the php script send a cookie,
> and every php script reads this cookie. So when the user log ou the php
> script expires the cookie and then the user cannot bookmark the page and
> turn back...... but, if the user clicks the 'logout' button, I expire the
> cookie e show the main screen, but, by other side, if the user click at
> 'back button' then he can see the page....... I would like to:
>
> - Each page look for the cookie, even if the back button is pressed.
> - If the cookie isn't there, then a 'expires page' is showed....
>
> Which is the better way to do it ???
>
> Thanks in advance,
>
> Marcelo Pereira
> Programmer
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
> To contact the list administrators, e-mail: [EMAIL PROTECTED]
>
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
