On my web site there are some areas that I want to make accessible only after a user has logged in (for example when placing an order, etc ...). I have been able to achieve this; however, I have the following problem:

1- user logs in
2- user goes to restricted area
3- user views pages, orders an item, changes his account settings, etc ...
4- user logs out
5- user is sent to log out page
6- user hits back button ...

And here my problems start ... even though the user has logged out, all the "restricted" pages he saw are still cached by his browser and accessible ...

I have tried using a script that checks a session variable that indicates if a user is logged in or not and takes appropriate action at the start of all "restricted" pages, but that doesn't work since when the user hits the back button, the PHP script is not re-executed; the page is simply loaded from the browser cache.

What are some PHP techniques I could use so that a user can no longer access/use pages once he has logged out?

Basically I would like to have a sort of state machine so that I can simply check where a user is coming from and his login "state" to decide if a certain page should be presented or not (i.e. you can't get here from there or you can't view that page with your current login status).

But it seemed that creating a state machine is not the right way to go about it since hitting the back button pretty much allows a user to circumvent this ...

Eventually the web site I will build will actually have many "areas", each needing a separate/different login (and you can be logged in to multiple "areas" at once), so I would like to be able to generalize this problem and understand how I can use PHP to implement the needed functionality.

Just as a simple example, once a user has placed an order, he should not be able to go back to the "order placing/processing" pages ...

Any tips, hints, or pointers to tutorials are appreciated!

Thanks,

Jc


--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
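
Added example, not part of the original post: one way to handle the situation described above is to keep the login state per "area" on the server, send headers that forbid storing restricted pages so the back button triggers a new request, and guard the order step with a single-use token. The function names, the 'areas' and 'order_token' session keys and the /login.php URL are assumptions made for this sketch.

```php
<?php
// Added example. All names below are hypothetical, not from the post.

// Call first on every restricted page, before any output is sent.
function require_login(string $area): void
{
    session_cache_limiter('');          // we send our own cache headers
    session_start();
    // Forbid the browser and proxies from keeping a copy, so Back after
    // logout re-requests the page and this check runs again.
    header('Cache-Control: no-store, no-cache, must-revalidate, max-age=0');
    header('Pragma: no-cache');         // HTTP/1.0 caches
    header('Expires: 0');
    if (empty($_SESSION['areas'][$area])) {
        header('Location: /login.php?area=' . rawurlencode($area));
        exit;
    }
}

// Call after credentials for $area were verified (session already started).
function mark_logged_in(string $area): void
{
    session_regenerate_id(true);        // new session id on privilege change
    $_SESSION['areas'][$area] = true;   // several areas can be set at once
}

// Log out of one area, or of everything when $area is null.
function log_out(?string $area = null): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) { session_start(); }
    if ($area !== null) { unset($_SESSION['areas'][$area]); return; }
    $_SESSION = [];
    $p = session_get_cookie_params();
    setcookie(session_name(), '', time() - 42000, $p['path'], $p['domain'], $p['secure'], $p['httponly']);
    session_destroy();
}

// Put the returned value in a hidden field of the order form.
function issue_order_token(): string
{
    return $_SESSION['order_token'] = bin2hex(random_bytes(16));
}

// True only for the first submission; going back and re-posting fails.
function consume_order_token(string $submitted): bool
{
    $expected = $_SESSION['order_token'] ?? '';
    unset($_SESSION['order_token']);    // single use
    return $expected !== '' && hash_equals($expected, $submitted);
}
```

The headers only ask the browser not to keep a copy; the decision to show a page still rests on the server-side session check that runs on each request.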
