I have a PHP MySQL databse using IE as the interface. You have to log in using a password. The pages then check for a variable $auth_user and will only show if this is OK, ie if the person has logged in.
If the user logs out this variable and the session are destroyed. That's OK.
Now if the user backs out of the system using the Back button, and then goes and does something quite different, leaves the computer and his son comes and accesses the computer and uses Forward, he can get into the database without logging in, because the session is still active.
Don't like this.
The user should have logged out, but careless people can forget to.
Timed session might do, but what time? Some users of the system like to minimize the program, while they are using other things. They like to be in all of the working day.
Any suggestions.
Paulsim
