I think I know what it is. The construction I mentioned to avoid the
reloading used three pages to login: the login-page, the validation
page and then some page that produces output to the user.
What you do, is include that output page in the validation page
(authentication.php). You shouldn't do that. Instead of the
include('super.php') you should use header("Location: super.php")
and instead of include('ordinary.php') you should use
header("Location: ordinary.php"). If you include
super.php/ordinary.php you still don't leave authentication.php.
That means that one can still reload authentication.php. Then the
browser asks for resubmitting the form. If you use header() instead
of include() you actually leave authentication.php and go to a
different page. The user can ofcourse reload that page, but that
page wasn't actually the result of a form-submital so the page will
then just be reloaded and no information will be resubmitted. Even
if one pushes Back from that page, he/she will not go back to
authentication.php but to login.html. And gone is your problem.
I think this should be your solution...
Oh... btw:
in authentication.php:
session_register('$emp_id');
should be:
session_register("emp_id");
and in logout.php:
session_unregister($emp_id);
should be
session_unregister("emp_id");
--
* R&zE:
-- »»»»»»»»»»»»»»»»»»»»»»»»
-- Renze Munnik
-- DataLink BV
--
-- E: [EMAIL PROTECTED]
-- W: +31 23 5326162
-- F: +31 23 5322144
-- M: +31 6 21811143
-- H: +31 23 5516190
--
-- Stationsplein 82
-- 2011 LM HAARLEM
--
-- http://www.datalink.nl
-- ««««««««««««««««««««««««
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
