Hello
I'm a Chinese university student, and I want to ask some questions about sessions.
These days I'm building a website for my university with PHP, but I met a
problem when developing the User Management part: after I have logged out
from a user page (I use "session_unset()" and "session_destroy()"), I can
return to the page again by clicking the "Back" button to that page and
refreshing it, and the user page is shown again. This is unsafe.
So I want to ask whether the functions "session_unset()" and "session_destroy()"
destroy the session immediately, or whether there is a lifetime for the session.
From memory, I think that there is a lifetime for the session and that the
lifetime can be configured.

Another question:
If the user log page is "main.php", the page for authenticating the user is "login.php".
I use the session to store the user's information, such as:
session_register($userid);
But what if the variables in the session unfortunately become known to somebody else,
and he can visit others' information by the URL "login.php?userid=***"? How can I solve
this problem? Use an ugly but difficult session variable?

Just two questions.
Thanks a lot.
Hope to hear back soon!
Best wishes


