I did a:
session_unregister('xxx');
session_destroy();
header("Location: http://www.xxx.com/xxx");
and Mozilla is the only browser out of IE6, Netscape 4.7 and Mozilla to
respect the logout and not repost the data on reload or back request.
Go Mozilla. I guess the big boys somewhere are taking a nap.
-----Original Message-----
From: Justin French [mailto:[EMAIL PROTECTED]]
Sent: Friday, August 30, 2002 10:32 PM
To: victor; 'Richard Lynch'; [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: Re: [PHP] Re: session_unregister - but w00t about the back button?
If you were REALLY concerned, you could use JavaScript (JavasCrap) to open a
new window and close the parent... this way there would be no such thing as
a "back" button... it'd be disabled.
I think later versions of JS can empty the history too (unsure though).
It's not going to be foolproof for those w/o JS, but it would be an added
level of security...
Justin
on 31/08/02 12:12 PM, victor ([EMAIL PROTECTED]) wrote:
> K, thanks, I sort of realized this, but I was wondering if the user
> is silly enough to leave the browser window open then someone can press
> the back button and go back, I will probably write a message somewhere
> to tell the user to close the browser window.
>
> To the one who asked about the session_destroy thingie, I did that and I
> did session_unregister(blah) but does the order of these two count?
>
> -----Original Message-----
> From: Richard Lynch [mailto:[EMAIL PROTECTED]]
> Sent: Friday, August 30, 2002 9:27 PM
> To: [EMAIL PROTECTED]
> Cc: [EMAIL PROTECTED]
> Subject: [PHP] Re: session_unregister - but w00t about the back button?
>
>> I can logout with session_unregister - but w00t about the back button?
>>
>> This is probably so trivial that it has been discussed before, if anyone
>> has some knowledge or link at hand mind passing it on? Thanks.
>
> If you are using Cookies, then everything is fine. Their cookies will be
> gone, and the back button will not alter that.
>
> If you pass the SID through the URL, and do session_unregister, again,
> they'll "see" the old data maybe, but as soon as they move forward, the
> "new" data will be in force.
>
> If you're worried about the back button and Security, you can try some
> headers() to convince the browsers not to cache (search archives for
> "no-cache") but the bottom line is going to be "User Education". They either
> *quit* the browser, or risk that it's a stupid broken browser that ignored
> your request not to cache the data.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
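
The logout sequence and no-cache headers discussed in this thread, as an added example that is not code from any poster. It assumes PHP 7.3 or later (where `session_unregister()` no longer exists), and the `user_id` session key and `/login.php` path are hypothetical names.

```php
<?php
// Added example, not from the thread. 'user_id' and '/login.php' are
// hypothetical; a logout script would call logout(), and every protected
// page would call require_login() before producing output.

// Ask the browser not to store the page, so "back" has to re-request it.
function send_no_cache_headers(): void
{
    header('Cache-Control: no-store, no-cache, must-revalidate, max-age=0');
    header('Pragma: no-cache');                       // HTTP/1.0 clients
    header('Expires: Thu, 01 Jan 1970 00:00:00 GMT');
}

// Gate for protected pages: after logout the re-request finds no session
// data and is sent to the login page instead of the old content.
function require_login(): void
{
    session_start();
    send_no_cache_headers();
    if (empty($_SESSION['user_id'])) {
        header('Location: /login.php', true, 303);
        exit;
    }
}

// Logout order: clear variables, expire the cookie, destroy the
// server-side data, then redirect and stop.
function logout(): void
{
    session_start();
    $_SESSION = [];                                   // replaces session_unregister()
    if (ini_get('session.use_cookies')) {
        $p = session_get_cookie_params();
        setcookie(session_name(), '', [
            'expires'  => time() - 42000,
            'path'     => $p['path'],
            'domain'   => $p['domain'],
            'secure'   => $p['secure'],
            'httponly' => $p['httponly'],
        ]);
    }
    session_destroy();                                // delete the stored session
    send_no_cache_headers();
    header('Location: /login.php', true, 303);        // browser follows with a GET
    exit;                                             // no output after the redirect
}
```

The server-side check in `require_login()` is what enforces the logout; the cache headers only reduce the chance that a browser redisplays a stored copy.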