On Fri, Aug 10, 2001 at 04:42:48PM +0530, Balaji Ankem wrote:
> Is there anyway to restrict the reposting?? Means after pressing
> logout button we shouldn't allow the user to go back or reposting
> the data again and getting session again.

Okay... I've figured out two 'solutions'. But... I must say: They're
not pretty. Actually you can't prevent it. But:

Option 1
You can set a cookie after logging in. The authorization page should
check for that cookie. It should not exist in order to login. The
login page (where one gives his username/password) should remove
that cookie if it exists.
This is, though, a _very_ ugly solution and using cookies for
security isn't realy the best thing to do. So actually I wouldn't
encourage you to use this.

Option 2
Another solution is to redirect to a different page. I created the
following example:

=====[ PHP code ]=====
// File: login.php
  <TITLE>Login Test</TITLE>
  <FORM method="post" action="submit-login.php">
   <INPUT type="text" name="firstname">
   <INPUT type="text" name="lastname">
   <INPUT type="submit">

// File: submit-login.php
  /* Here you should do things with the provided data...
     For the example I only write it to the log. */
  error_log ("Firstname: $firstname", 0);
  error_log ("Lastname: $lastname", 0);

  /* Here's where you redirect */
  header ("Location: logged-in.php");

// File: logged-in.php
/* Whatever you want! */

=====[ end of code ]=====

After pushing the submit-button, the data will be submitted to
submit-login.php. There you handle the login-procedure. After that,
you automatically redirect to a different page (logged-in.php in my
example). That's you you show eg 'You are logged in now'. If you
reload that page, nothing realy happens. If you push 'Back', you end
up on login.php again.

Uptil now this is the best option I've come up with.

Hope it works for what you had in mind.


* R&zE:

-- Renze Munnik
-- DataLink BV
-- W: +31 23 5326162
-- F: +31 23 5322144
-- M: +31 6 21811143
-- H: +31 23 5516190
-- Stationsplein 82
-- 2011 LM  HAARLEM
-- http://www.datalink.nl

PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

Reply via email to