You might consider using cookies that keep track of the user's login name and a bitwise status to control AAA (Authentication, Authorization, and Access) controls instead of using session variables.
-mel

On Wed, 1 Jan 2003, Jean-Christian Imbeault wrote:

> On my web site there are some areas that I want to make accessible only
> after a user has logged in (for example when placing an order, etc ...)
>
> I have been able to achieve this however I have the following problem:
>
> 1- user logs in
> 2- user goes to restricted area
> 3- user views pages, orders an item, changes his account settings, etc ...
> 4- user logs out
> 5- user is sent to log out page
> 6- user hits back button ...
>
> And here my problems start ... even though the user has logged out, all
> the "restricted" pages he saw are still cached by his browser and
> accessible ...
>
> I have tried using a script that checks a session variable that
> indicates if a user is logged in or not and take appropriate action at
> the start of all "restricted" pages, but that doesn't work since when
> the user hits the back button, the PHP script is not re-executed, the
> page is simply loaded from the browser cache.
>
> What are some PHP techniques I could use so that a user can no longer
> access/use pages once he has logged out?
>
> Basically I would like to have sort of state machine so that I can
> simply check where a user is coming from and his login "state" to decide
> if a certain page should be presented or not (i.e. you can't get here
> from there or you can't view that page with your current login status).
>
> But it seemed that creating a state machine is not the right way to go
> about it since hitting the back button pretty much allows a user to
> circumvent this ...
>
> Eventually the web site I will build will actually have many "areas",
> each needing a separate/different login, (and you can be logged in to
> multiple "areas" at once) so I would like to be able to generalize this
> problem and understand how I can use PHP to implement the needed
> functionality.
>
> Just as a simple example, once a user has placed an order, he should not
> be able to go back to the "order placing/processing" pages ...
>
> Any tips, hints, or pointers to tutorials are appreciated!
>
> Thanks,
>
> Jc
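
An added example, not part of the thread: one way to combine the per-page login check described in the question with a bitwise status covering several "areas", while asking the browser not to store restricted pages so that the back button leads to a fresh request and a fresh check. The constant and function names, the `areas` session key and `/login.php` are hypothetical, and keeping the bitmask in the server-side session (so the client cannot edit it) is an assumption of this example.

```php
<?php
declare(strict_types=1);
// Added example: all names below are hypothetical, not from the thread.

const AREA_ACCOUNT = 1 << 0; // one bit per separately logged-in area
const AREA_ORDERS  = 1 << 1;
const AREA_ADMIN   = 1 << 2;

function ensure_session(): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
}

// True only if every bit in $area is set in $status.
function has_area(int $status, int $area): bool
{
    return ($status & $area) === $area;
}

function login_area(int $area): void
{
    ensure_session();
    session_regenerate_id(true); // new session id on privilege change
    $_SESSION['areas'] = (int) ($_SESSION['areas'] ?? 0) | $area;
}

function logout_area(int $area): void
{
    ensure_session();
    $_SESSION['areas'] = (int) ($_SESSION['areas'] ?? 0) & ~$area;
}

// Call at the top of every restricted page, before any output.
function require_area(int $area, string $loginUrl = '/login.php'): void
{
    ensure_session();
    // Ask the browser and proxies not to keep a copy of this response.
    header('Cache-Control: no-store, no-cache, must-revalidate, max-age=0');
    header('Pragma: no-cache');
    header('Expires: 0');
    if (!has_area((int) ($_SESSION['areas'] ?? 0), $area)) {
        header('Location: ' . $loginUrl, true, 302);
        exit;
    }
}

// Example use in a hypothetical orders page: require_area(AREA_ORDERS);
```

Because the headers are sent on every restricted response, a page fetched before logout is not kept for reuse, and a request made after `logout_area()` fails the bit test and is redirected.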