Hi,
I'm using php sessions as an authenication method for a site i'm developing.
The big problem I have is that after a user logs in, and then clicks on another link and then use's the BACK button , Internet Explorer prompts you, asking you to refresh the browser.
This is annoying, because this simply doesn't happen in a Netscape Browser.
Has anyone else seen this problem before and does anyone have any suggestions on how to solve this?
If you are using forms and you want to allow the user to hit 'back' without the annoying request to refresh then use GET instead of POST.
Nick
In reply to the previous poster, I suppose one way around this might be to
embed the session id in the URL? Is that what you mean?
I've found a quick and dirty way around this problem though - i just but
a hyperlinked "Back" text link - if the user clicks on this, they go back to the previous page.
That's one way around the issue - but it still doesn't solve the BACK button issue.
i've also found that session.cache.limiter is by default set to NOCACHE in php.ini
I'd don't want to set it to public as the site will have real time data coming in.
No, what I mean is in your <form> tag set the method=GET that should solve your problem without having to do anything to the PHP at all.
Try it, if it't doesn't work post the code and when I get back from the gym I'll have a mess around with it too!
Nick
Thanks for the tip, but i've solved it.
My login form had a session_start() in the middle of the code.
Shoving this up to the top of the form, before ANY html or other php code fixed the problem.
I also hadn't declared one of my session variables as a GLOBAL variable.
The system works totally fine after doing this.
Thanks for your help though.
I've tried out Nick's idea of using GET instead of POST in my login form.
But surely this defeats the whole purpose of sessions? I really don't want user data being displayed in a URL for security reasons.
Has anyone else cracked this browser refresh problem in PHP4?
My login system works - to an extent.
After logging in, the user can click on a link to go to another page.
Now I have provided a textual BACK link on that page - if the user clicks on this, he can go back to the original page without that annoying browser refresh error.
What's strange though is that , somehow, php seems to be remembering what links he has visited previously - if he now clicks on a link he hasn't visited, he can go to it - but when he uses the BACK button in the browser the refresh error pops up.
If he goes to a page which he has already visited, and he has used the BACK textual hyperlink , he can now start using the BACK button.
So the sequence seems to be
1.login
2.click on link
3.click on textual BACK hyperlink
4.back to page 1 ,click on same link again
5. now you can use the browser back button.
Strange , eh?
I think im having the same problem too...
I don't want the script to execute when the user hit's back
but when i change the session.cache_limter to public it caches too much all my data driven pages get cached. but i don't want the script to execute when the user hits back.
to put the following at top of every page
<?php
session_start();
if ($REQUEST_METHOD=='POST')
{
header('Expires: ' . gmdate("D, d M Y H:i:s", time()+1000) . ' GMT');
header('Cache-Control: Private');
}
?>
this way I could carry on using the post method.
I've tried Mike's solution out, and yes - it works!
However, may I point out that sometimes I get an annoying REFRESH prompt in IE - but I got this initially.
After a while that refresh prompt went away and my real-time data started to appear after i pressed the back button.
This is very difficult to describe - needless to say, i personally think there must be a bug in PHP's session handling, as the results are very inconsistent - sometimes it works, other times it doesnt - its very difficult to pin down.