SitePoint Sponsor

User Tag List

Results 1 to 8 of 8

Thread: Session Help

  1. #1
    SitePoint Evangelist
    Join Date
    Mar 2005
    Posts
    523
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Session Help

    Hi Guys

    I would like to know if it is possible to overcome a problem where
    if I change from my site (protected page)that has $_SESSIONS and lets say I go to yahoo.com and hit the back button,is there a way to redirect me to the
    login page and not the protected page.

    Please help
    Niva

  2. #2
    SitePoint Wizard mark_W's Avatar
    Join Date
    Mar 2004
    Location
    West Midlands, United Kingdom
    Posts
    2,631
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    You could always check the refering page and if its not from your domain name then redirect to the login. Although not very secure or portable.

  3. #3
    SitePoint Evangelist
    Join Date
    Mar 2005
    Posts
    523
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Thanks Mark

    How would I check that .

  4. #4
    SitePoint Evangelist dmsuperman's Avatar
    Join Date
    Feb 2005
    Location
    A box
    Posts
    516
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Check the session, if the session still exists then they haven't left, otherwise redirect to login page.
    <(^.^<) \(^.^\) (^.^) (/^.^)/ (>^.^)>
    Core 2 Duo E8400 clocked @ 3.375GHz, 2x2GB 800MHz DDR2 RAM
    5x SATA drives totalling 2.5TB, 7900GS KO, 6600GT

  5. #5
    SitePoint Evangelist
    Join Date
    Mar 2005
    Posts
    523
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Thanks

    But if they leave from protected page to yahoo.com and then back
    the session will still be active, and if you unset any of them, then you will not
    be able to go back and forth between protected pages....

    Any thoughts
    Niva

  6. #6
    SitePoint Evangelist
    Join Date
    Mar 2005
    Posts
    523
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    HI

    Any one else wants to try

  7. #7
    SitePoint Guru mwolfe's Avatar
    Join Date
    Mar 2005
    Posts
    912
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    i'm pretty sure the only way you could do that is to check the $_SERVER['HTTP_REFERER'] to make sure they came from your domain.. You would have to figure out how to make sure that its coming from your domain.. something like
    PHP Code:
    if  (!strpos("www.yourdomain.com"$_SERVER['HTTP_REFERER'])) {
    unset(
    $_SESSION);
    $_SESSION = array(); //or whatever else you write to destroy the session

    unfortunately this isnt that secure. You could also use a cookie that gets updated each page load with a session timeout.. if that cookie expires then they will have to re-login. This will help prevent unauthorized access if say someone leaves your webpage, but leave the webbrowser open, and then someone else uses the computer and starts pressing the back button. Of course that will only work if at least a certain amount of time has passed. It may also annoy users as they will constanly have to relogin if they leave a page open for very long.

  8. #8
    SitePoint Evangelist anjanesh's Avatar
    Join Date
    Jun 2004
    Location
    Mumbai
    Posts
    447
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Doubt this can be possible as long as he is on the same widow because your sessionid is stored in the cookie.
    If you have the sessionid sent in the url for every page of your site...even then the back button would have that sessionid in the url which is still valid if it hasnt expires.

    The back button is browser controlled. You can use a Javascript function to reload the page if the source is not from your site.
    Anjanesh


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •