It's not a PHP thing but a browser thing. Basically you need to expire a page as soon as the browser has loaded it. This can be done using the meta key expires.
<meta http-equiv="Expires" content="expiration date"> As in <META HTTP-EQUIV="Expires" CONTENT="Mon, 01 Jan 1996 01:01:01 GMT"> If you are running an IIS server look at the server properties... you need to enable this in there. *********** REPLY SEPARATOR *********** On 01/01/2003 at 5:22 PM Jean-Christian Imbeault wrote: >On my web site there are some areas that I want to make accessible only >after a user has logged in (for example when placing an order, etc ...) >I have been able to achieve this however I have the following problem: > >1- user logs in >2- user goes to restricted area >3- user views pages, orders an item, changes his account settings, etc ... >4- user logs out >5- user is sent to log out page >6- user hits back button ... > >And here my problems start ... even though the user has logged out, all >the "restricted" pages he saw are still cached by his browser and >accessible ... > >I have tried using a script that checks a session variable that >indicates if a user is logged in or not and take appropriate action at >the start of all "restricted" pages, but that doesn't work since when >the user hits the back button, the PHP script is not re-executed, the >page is simply loaded from the browser cache. > >What are some PHP techniques I could use so that a user can no longer >access/use pages once he has logged out? > >Basically I would like to have sort of state machine so I that I can >simply check where a user is coming from and his login "state" to decide >if a certain page should be presented or not (i.e. you can't get here >form there or you can't view that page with your current login status). > >But it seemed that creating a state machine is not the right way to go >about it since hitting the back button pretty much allows a user to >circumvent this ... > >Eventually the web site I will build will actually have many "areas", >each needing a separate/different login, (and you can be logged in to >multiple "areas" at once) so I would like to be able to generalize this >problem and understand how I can use PHP to implement the needed >functionality. > >Just as a simple example, once a user has placed an order, he should not >be able to go back to the "order placing/processing" pages ... > >Any tips, hints, or pointers to tutorials are appreciated! > >Thanks, > >Jc > > >-- >PHP General Mailing List (http://www.php.net/) >To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
