prevent user from logging back in after logging out by hitting back button
I am using a PHP login script that challenges the user for username & password.

Once authenticated, the program stores a session value. On logout, the session value is set to blanks.

Once logged out I want to avoid allowing the user hitting the back button a few times and being allowed to see a screen of data or accidentally logging himself back in.

I am using sessions, and a redirect to send the validated user to a new page. I am also using ob_start, ob_flush and ob_end_clean to prevent errors on redirect.

Questions: Is this really secure? Is this a common approach?
Is there an alternative to buffering?

Below is a small proof-of-concept.

```php
<?php
header("Cache-Control: no-cache, must-revalidate");
header("Expires: Sat, 26 Jul 1997 05:00:00 GMT");
header("Pragma: no-cache"); // was "Pragma: public", which allows caching
session_cache_limiter('nocache');
// I'm not sure how effective any of the above seem to be.
session_start();
// start buffering because if we use header later we want to avoid error
ob_start();
echo "Type <b>in</b> or <b>out</b> to login/logout<br>";
?>
<form action='' method='POST'>
<input type='text' name='status' size='10' value=""><br/><br/>
<p>&nbsp;</p>
<input type='submit' name='Login' value='Login' />
</form>
<?php
$status = $_POST['status'] ?? ''; // avoid an undefined-index notice on a plain GET
if ($status == 'in') {
    $_SESSION['logged_in'] = 'in';
    ob_end_clean(); // clean and erase buffer so far
    header('Location: test2.php');
    exit;
}
if ($status == 'out') {
    $_SESSION['logged_in'] = 'no';
    echo "you are logged out <br>";
}
ob_flush(); // push output
echo "login status = " . ($_SESSION['logged_in'] ?? 'not set');
?>
```

file test2.php

```php
<?php echo "You have logged in"; ?>
```
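As an added example (not code from the original post), one way to get the same effect without output buffering: send the cache headers before any output, destroy the session and its cookie on logout, and re-check the session on every protected page so that a cached or re-sent request cannot show data. The helper names and the file names login.php and test2.php are assumptions; the array form of session_set_cookie_params needs PHP 7.3 or later.

```php
<?php
// Added example, not from the original post: logout and back-button handling
// without output buffering. File names login.php and test2.php are assumed
// to match the post's layout.

function send_no_store_headers(): void {
    // 'no-store' forbids keeping any copy, so Back cannot show a protected
    // page from the browser cache after logout. Must run before any output.
    // session_cache_limiter('nocache') emits equivalent headers on session_start.
    header('Cache-Control: no-store, no-cache, must-revalidate, max-age=0');
    header('Pragma: no-cache');
    header('Expires: 0');
}

function start_secure_session(): void {
    session_cache_limiter('nocache');
    session_set_cookie_params([
        'httponly' => true,                      // not readable by JavaScript
        'samesite' => 'Lax',
        'secure'   => !empty($_SERVER['HTTPS']), // only over HTTPS when available
    ]);
    session_start();
}

function login_user(string $username): void {
    // A fresh session id on login prevents session fixation.
    session_regenerate_id(true);
    $_SESSION['user'] = $username;
}

function logout_user(): void {
    $_SESSION = [];
    // Expire the cookie in the browser as well as destroying server-side data.
    $p = session_get_cookie_params();
    setcookie(session_name(), '', time() - 42000,
              $p['path'], $p['domain'], $p['secure'], $p['httponly']);
    session_destroy();
}

function require_login(): void {
    // Server-side check on every protected page: a cached or replayed request
    // is rejected once the session is gone, whatever the browser does.
    if (empty($_SESSION['user'])) {
        header('Location: login.php');
        exit;
    }
}

// test2.php would call, before any echo: send_no_store_headers();
// start_secure_session(); require_login(); and only then render the page.
```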