refreshing cache through php header function yields no result?

ddt999

Hello,

I will try to describe my situation then ask my question.

I am building a website for a client. He wants a login page with a "Your account" page for his clients. I am using a combination of javascript and php.

Upon succesful login $SESSION variables are set to 1.
example: $SESSION['logged']= 1;

If the client logs out due to idle time or pressing 'logout' these values are set to zero.
example: $_SESSION['logged']= 0;

Upon loading of "your account" and any of its sub-pages, that page checks $_SESSION['logged']. If the value is zero it redirects automatically back to the login page. Providing oppertunity to log in again if you wish.

The checking of $_SESSION['logged'] is supposed to redirect even if the client has logged out, but has pressed "back" on the browser to try and see a login page.

The page does not do this. Pressing "back" reveals the page. Interacting with the page or pressing "refresh" THEN causes it to redirect.

I need the page to auto-redirect, not show. I am aware that it is the page being cached and keeping those values until you interact with it.
I have fully tested the header function in php. Using 'must-revalidate' & 'no-cache' and other version! (most info from php.net).

I get no errors when testing the pages, so my code is correctly spelled! 😃
But there is simply no reaction by the page, it just does what it does, which is not what it is supposed to do? 😕

I ask for experience! Is there a specific way of doing the header functions? Perhaps it must be placed in a specific place in the page? And how can i check that the page is actually using the functions and not just moving over them with no action taken?

Thank you for any help.

PS. I do not have constant access to the internet, so i may take longer than usual to reply, i apologise up front 😃

thorpe

If the client logs out due to idle time or pressing 'logout' these values are set to zero.

if you can set a clients session to 0 then the session is not idle. when the user logs out try using [man]unset/man to kill there session, and just let it die naturally when idle.

then, instead of checking for 0 or 1 (false or true), just check if the session value [man]isset/man.

as for your cache issue without seeing any code all i can recommend is something like.

<?php
    header("Cache-Control: no-cache, must-revalidate");
    header("Expires: Mon, 01 Jan 1980 12:00:00 GMT"); // i love the 80's
?>

from the manual.

ddt999

Thank you thorpe for the reply,

Setting the session to 0 is just that I start a javascript timer for e.g 3minutes. Every time the client interacts with login pages (event handlers are used) this timer is reset, if the timer runs out (no events on any of the pages) the page redirects to the login page and unsets the session variables for future usages as described in previouse post.

I did what thorpe suggested, using unset() and checking isset() instead of 0 and 1.
It doesnt seem to work?
Will now try to explain with code.

Assume: You have logged in succesfully -
$_SESSION['logged']= 1;

Now you are directed to "your account"
The initial part of the code is as follows: header functions added as suggested by thorpe

<?
session_start();
header("Cache-Control: no-cache, must-revalidate");
header("Expires: Mon, 01 Jan 1980 12:00:00 GMT");

include_once("../checklogged.php");

// other php and then html
....

checklogged.php then looks to see if $_SESSION['logged'] is set or not and does the appropriate redirection if needed.
Initial code for checklogged.php is as follows: showing the if statements and debug code.

<?
session_start();

if(isset($_SESSION['logged'])):
  echo "logged is set <br>";

  // other code here - load page normally

else:
  echo "logged is not set";

 //othercode here - redirect to login

endif;

//other if's as above checking other session variables
?>

Uppon loading of "your account" the output: "logged is set" is shown at top of page.

Now you logout. all session variables are set to NULL and unset: example

$SESSION['logged']= NULL;
unset($SESSION['logged']);

And you are redirected to the login page.
If you then press "back" you are shown "your account" again and the output is still
"logged is set" - it didnt revalidate itself, thus seeing that the session variable has been unset. By pressing "refresh" the output then changes to "logged is not set".
This is my problem.

Hope this description is good enough! 🙂

Thank you,

ddt999

Just incase anyone reads this:

After much coffee and hours of google!! :eek:
I have found that one can refresh an old page upon loading, but this has a fatal flaw for my situation.

The page is reloaded continuesly, so for the situation of pressing "back" the page refreshes, finds you have logged out earlier and then refreshes! GOOD! 😃
But for the situation of having just logged in and viewing the page, it refreshes every couple of seconds (depending on speed of connection), this is not good for temperments like mine! (and other people i assume) :glare:

Alternatively one could set it so the page refreshes after time X. But to have what your reading refreshed, and the posibility of everything changed with new data, is not something your clients would enjoy! (i would not)

I wonder, thus, if it is possible to force an automatic refresh/revalidate of a page one-time at the initial loading of the page.
This i shall procede to study and find a solution for! 😃

cheers,

Weedpacket

You might want to read up on either AJAX or using an iframe; the idea either way is so that you only need to refresh the parts of the page that need refreshing.

ddt999

Forgive the extended delay for replies! Bosses like to give the @$$^% jobs to the new underlings (me) 😃

I have been searching and reading about this ajax. Nice, the potential is good although i might have to redo everything! :eek:
But that is fine, i would prefer to produce quality anyway!

I only have two questions for now (the rest i must research myself)

I have found some disciptions and demo's of ajax using the XmlHttpRequest Object and those showing ajax without using the Object -- problem is with second method you cannot use post, only get. :glare:

My question, which one would possibly be the best to use, as i see them kida equally balanced?

Does anyone have links to comprehensive examples or descriptions. The ones i have found so far aint making the bells in my head aringing with understanding!

Now off to the code! 😃

Thank you

Weedpacket

Post is more flexible, because you aren't limited by what you can fit into the URL query string. But if what you're sending is small and simple enough (like a serial number)....

ddt999

Thank you weedpacket for the push in the direction of ajax! Much appreciated! 😃
Yeah, i prefer post above get, but recently found that sometimes using get is better than post? So just asked! But thanks for the input yet again!

Read about Ajax, tried a few tutorials and demos and i have managed to get a small example to work with post and using the XmlHttpRequest Object. 🙂

Unfortunately i came to realized that even though ajax opens a WHOLE new list of opportunities, it does not solve my original problem, well not according to what i understand so far.

I still need access blocked to an entire page that has been previously visited, example: logging out and then pressing the "Back" button and instead of seeing the "Your account" page stored in the cache, it should automatically redirect to the login page. But being stored in cache, my attempts of having variables etc checked on loading of the page do not work, the page is displayed and only redirects when refreshing or attempting to interact with the page?
😕

I am not sure if ajax will help in this regard, if there is a way to do it and any one knows, i ask that you will share! 😃
I am not done with research in this area, so i will continue delving into the knowledge pool that is google!

Thank you,