new window and close the parent... this way there would be no such thing as
a "back" button... it'd be disabled.
I think later version of JS can empty the history too (unsure though).
It's not going to be fool proof for those w/o JS, but it would be an added
level of security...
on 31/08/02 12:12 PM, victor ([EMAIL PROTECTED]) wrote:
> K, thanks, i will sort of realized this, but I was wondering if the user
> is silly enough to leave the browser window open then someone can press
> the back button and go back, I will probably write a message somewhere
> to tell the user to close the browser window.
> To the one who asked about the session_destroy thingie, I did that and I
> did session_unregiste(blah) but does the order of these two count?
> -----Original Message-----
> From: Richard Lynch [mailto:[EMAIL PROTECTED]]
> Sent: Friday, August 30, 2002 9:27 PM
> To: [EMAIL PROTECTED]
> Cc: [EMAIL PROTECTED]
> Subject: [PHP] Re: session_unregister - but w00t about the back button?
>> I can logout with session_unregister - but w00t about the back button?
>> This is probably so trivial that it has been discussed before, if
>> has some knowledge or link at hand mind passing it on? Thanks.
> If you are using Cookies, then everything is fine. Their cookies will
> gone, and the back button will not alter that.
> If you pass the SID through the URL, and do session_unregister, again,
> they'll "see" the old data maybe, but as soon as they move forward, the
> "new" data will be in force.
> If you're worried about the back button and Security, you can try some
> headers() to convince the browsers not to cache (search archives for
> "no-cache") but the bottom line is going to be "User Education" They
> *quit* the browser, or risk that it's a stupid broken browser that
> your request not to cache the data.
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php