If you were REALLY concerned, you could use JavaScript (JavasCrap) to open a
new window and close the parent... this way there would be no such thing as
a "back" button... it'd be disabled.

I think later version of JS can empty the history too (unsure though).

It's not going to be fool proof for those w/o JS, but it would be an added
level of security...


on 31/08/02 12:12 PM, victor ([EMAIL PROTECTED]) wrote:

> K, thanks, i will sort of realized this, but I was wondering if the user
> is silly enough to leave the browser window open then someone can press
> the back button and go back, I will probably write a message somewhere
> to tell the user to close the browser window.
> To the one who asked about the session_destroy thingie, I did that and I
> did session_unregiste(blah) but does the order of these two count?
> -----Original Message-----
> From: Richard Lynch [mailto:[EMAIL PROTECTED]]
> Sent: Friday, August 30, 2002 9:27 PM
> Subject: [PHP] Re: session_unregister - but w00t about the back button?
>> I can logout with session_unregister - but w00t about the back button?
>> This is probably so trivial that it has been discussed before, if
> anyone
>> has some knowledge or link at hand mind passing it on? Thanks.
> If you are using Cookies, then everything is fine.  Their cookies will
> be
> gone, and the back button will not alter that.
> If you pass the SID through the URL, and do session_unregister, again,
> they'll "see" the old data maybe, but as soon as they move forward, the
> "new" data will be in force.
> If you're worried about the back button and Security, you can try some
> headers() to convince the browsers not to cache (search archives for
> "no-cache") but the bottom line is going to be "User Education"  They
> either
> *quit* the browser, or risk that it's a stupid broken browser that
> ignored
> your request not to cache the data.

PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to