Hi,
I implemented login/logout area using sessions. Its working fine. When the user logs out, I destroy the session. So, if he clicks on any link, it will ask him to login again. But I'm still able to browse through the site using back and forward button in the browser. Can anyone tell me how to avoid this?
Thanks
Senthil
i don't underestand...
if you verify in each page that the user has been registered using session, if user use back button, you'll check in the session for a varaible that saids to you if the user is registered. IF the session has been destroyed, the user have to log in again,ok?
then there is no problem.....
do you know what i say?
Router 
hi senthil!
if you check the login-session in every member-area-site the user can't browse the sites anymore if he had logged out before!!
just do something like that in EVERY SCRIPT:
<?php
header("Cache-Control: no-cache, must-revalidate");
header("Pragma: no-cache");
import_request_variables('GPC', 'pre');
if (isset($pre_SID)) {
session_start($pre_SID);
// code for user is logged in
} else {
echo 'SORRY ... YOU ARE LOGGED OUT';
}
?>
I'm giving the sessionID to the next page like that:
<a href="nextSite.php?SID=<?php echo $SID ?>">nextSite</a>
that's the way i made my login
Hi,
Thanks for ur reply. It works fine.
Senthil
I have a session script that is working fine, but does not do everything I want...
It prevents users from seeing page content before logging in. (This is good). After they log in, they can browse the site until they close their browser. Then they'd have to log in again. (This is also working.) On each page, I have a call to the session script which checks to see if the session ID has been set.
I'm trying to find a way to destroy the session [session_destroy()] (forcing them to log in again) for ANY/ALL of the following scenarios:
[Assume the user has already logged into my site, but not Logged out, and has NOT closed their browser]
1) when the user links to a site OTHER than mine (session_destroy)
2) when the user presses the HOME button on their browser, leaving my site (session_destroy)
3) user TYPES a different URL in the address bar, leaving my site (session_destroy)
or
4) user exits to another site, and then presses the "back" button on their browser OR types MY url into the address bar to get back to my site. (session_destroy)
ANY/ALL SCENARIOS listed above should FORCE the user to log in again...
Anyone got any ideas?
~Crystal Wood
hi chyistal Wood!
well, it's not a nice way to do that ... but decide yourself...
[01] make one hidden frame in your page
[02] have a java-script in this frame, which loads at the onUnload="" event a php script which destroys the session
something like this:
<body onUnload="window.location.href='session_destroy.php'">
if you link inside your page, you MUST NOT forget to set the link-target, otherwise the page might be opened in parent, and the onUnload script is executed!!
if the user types a new adress ==> onUnload
if the user links to another site ==> onUnload
hope that helps!!
ceeyaa.MeX