If you were REALLY concerned, you could use JavaScript (JavasCrap) to open a
new window and close the parent... this way there would be no such thing as
a "back" button... it'd be disabled.

I think later versions of JS can empty the history too (unsure though).

It's not going to be foolproof for those w/o JS, but it would be an added
level of security...


Justin


on 31/08/02 12:12 PM, victor ([EMAIL PROTECTED]) wrote:

> K, thanks, I sort of realized this, but I was wondering if the user
> is silly enough to leave the browser window open then someone can press
> the back button and go back, I will probably write a message somewhere
> to tell the user to close the browser window.
> 
> To the one who asked about the session_destroy thingie, I did that and I
> did session_unregister(blah) but does the order of these two count?
> 
> -----Original Message-----
> From: Richard Lynch [mailto:[EMAIL PROTECTED]]
> Sent: Friday, August 30, 2002 9:27 PM
> To: [EMAIL PROTECTED]
> Cc: [EMAIL PROTECTED]
> Subject: [PHP] Re: session_unregister - but w00t about the back button?
> 
>> I can logout with session_unregister - but w00t about the back button?
>> 
>> This is probably so trivial that it has been discussed before, if anyone
>> has some knowledge or link at hand mind passing it on? Thanks.
> 
> If you are using Cookies, then everything is fine.  Their cookies will be
> gone, and the back button will not alter that.
> 
> If you pass the SID through the URL, and do session_unregister, again,
> they'll "see" the old data maybe, but as soon as they move forward, the
> "new" data will be in force.
> 
> If you're worried about the back button and Security, you can try some
> headers() to convince the browsers not to cache (search archives for
> "no-cache") but the bottom line is going to be "User Education".  They either
> *quit* the browser, or risk that it's a stupid broken browser that ignored
> your request not to cache the data.


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
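
Added example, not part of the thread and not written by any of its participants: a PHP logout that clears the session data before destroying the session, plus the no-cache headers mentioned above for pages showing logged-in data. The function names, the 'user_id' session key and the /login.php URL are assumptions made for illustration.

```php
<?php
// Added example; function names, 'user_id' and /login.php are hypothetical.

// Ask browsers and proxies not to store the page, so Back has to re-request it.
// Must be called before any output is sent.
function send_no_cache_headers(): void
{
    header('Cache-Control: no-store, no-cache, must-revalidate, max-age=0');
    header('Pragma: no-cache'); // for HTTP/1.0 caches
    header('Expires: 0');       // treated as already expired
}

// Call at the top of every page that shows logged-in data.
function require_login(): void
{
    session_start();
    send_no_cache_headers();
    if (empty($_SESSION['user_id'])) {  // assumed session key
        header('Location: /login.php'); // assumed login URL
        exit;
    }
}

function logout(): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    // 1. Empty the data first. session_destroy() does not clear $_SESSION
    //    for the rest of this request. (session_unregister() was removed
    //    in PHP 5.4; assigning an empty array replaces it.)
    $_SESSION = [];
    // 2. Expire the session cookie in the browser.
    if (ini_get('session.use_cookies')) {
        $p = session_get_cookie_params();
        setcookie(session_name(), '', time() - 42000,
                  $p['path'], $p['domain'], $p['secure'], $p['httponly']);
    }
    // 3. Delete the server-side session data.
    session_destroy();
    send_no_cache_headers();
}
```

With this in place, a page reached through the back button after logout is re-requested, and require_login() redirects because the server no longer has the session. A browser that ignores the headers can still show its cached copy, which is the limit the thread already points out.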
