注销后点击浏览器后退又回到登陆后的界面-PHP Tutorial-php.cn

Home

Backend Development

PHP Tutorial

注销后点击浏览器后退又回到登陆后的界面

WBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWB

Jun 23, 2016 pm 02:21 PM

有三个界面 logon.php / checklogon.php / detail.php / logout.php

logon.php - session_start() 还有包括登陆form等的其他静态html，点登陆了按钮后跳转到checklogon.php.

checklogon.php - 连接数据库并返回用户信息。如果成功$_SESSION['user'] = 用户的相关信息，并跳转到detail.php。

$user = UserBusiness::GetUser($_POST["username"], $_POST["password"]);if($user == null){	header("location: /index.php");	exit;}$_SESSION['user'] = $user;

detail.php - 上面包括了一个注销link,单击后会调用logout.php.

logout.php -

<?php session_destroy(); header("Cache-Control: private, must-revalidate, no-store"); header("Pragma: no-cache"); header("Expires: Sat, 26 Aug 1997 05:00:00 UTC"); header("location: /logon.php"); exit();?>

当点击了logout按钮后，页面到了登陆界面，但是点击浏览器的后退按钮后（IE 8/Firefox），前一个detail界面又显示了。请问大家如何解决。

当点击后退按钮后，detail.php里面的代码并没有执行，应该是缓存的detail.php有显示了出来。

回复讨论(解决方案)

你这个得贴出detail.php的验证部分来看看

<?php		echo('<a href="/Logout.php">Logout</a>');?>

你这个得贴出detail.php的验证部分来看看贴上了

<?php		echo('<a href="/Logout.php">Logout</a>');?>

这个就是？
你里边都没有验证session是否存在的代码，即使你销毁了session又有什么用

修改登陆的PHP，加入如下代码。

<?php	session_start();	//使用session存储用户信息	if(isset($_POST["username"]))  //数据库中读取username用户名	{		$ss_user_id="";				//利用User累的IsValid()方法判断所输入的用户名和口令是否正确		require_once("userclass.php");  //获取用户信息的类		$user=new User();		//如果正确，转到网站首页		if($user->IsValid($_POST["username"],$_POST["password"],$ss_user_id))		{			$_SESSION["ss_user_id"]=$ss_user_id;  //用户ID			echo "<script language='javascript'>";			echo " location='index.php';";			echo "</script>";		}		//如果不正确，刷新页面		else		{			echo "<script language='javascript'>";			echo " alert('用户名或密码错误');";      			echo "</script>";		}	}?>

修改checklogin.php或者新建一个check.php加入验证用户是否存在代码。

<?php	session_start();	if(! isset($_SESSION['ss_user_id']))  //判断是否存在用户ID	{		echo "<script language='javascript'>";		echo "alert('您的用户无权进行此操作!');";		echo "location='login.html';";		echo "</script>";		exit;	}?>

在除登陆和退出页面以外的其他页面文件头处都加上上面这段代码。

Statement

The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn

What data can be stored in a PHP session?May 02, 2025 am 12:17 AM

PHPsessionscanstorestrings,numbers,arrays,andobjects.1.Strings:textdatalikeusernames.2.Numbers:integersorfloatsforcounters.3.Arrays:listslikeshoppingcarts.4.Objects:complexstructuresthatareserialized.

How do you start a PHP session?May 02, 2025 am 12:16 AM

TostartaPHPsession,usesession_start()atthescript'sbeginning.1)Placeitbeforeanyoutputtosetthesessioncookie.2)Usesessionsforuserdatalikeloginstatusorshoppingcarts.3)RegeneratesessionIDstopreventfixationattacks.4)Considerusingadatabaseforsessionstoragei

What is session regeneration, and how does it improve security?May 02, 2025 am 12:15 AM

Session regeneration refers to generating a new session ID and invalidating the old ID when the user performs sensitive operations in case of session fixed attacks. The implementation steps include: 1. Detect sensitive operations, 2. Generate new session ID, 3. Destroy old session ID, 4. Update user-side session information.

What are some performance considerations when using PHP sessions?May 02, 2025 am 12:11 AM

PHP sessions have a significant impact on application performance. Optimization methods include: 1. Use a database to store session data to improve response speed; 2. Reduce the use of session data and only store necessary information; 3. Use a non-blocking session processor to improve concurrency capabilities; 4. Adjust the session expiration time to balance user experience and server burden; 5. Use persistent sessions to reduce the number of data read and write times.

How do PHP sessions differ from cookies?May 02, 2025 am 12:03 AM

PHPsessionsareserver-side,whilecookiesareclient-side.1)Sessionsstoredataontheserver,aremoresecure,andhandlelargerdata.2)Cookiesstoredataontheclient,arelesssecure,andlimitedinsize.Usesessionsforsensitivedataandcookiesfornon-sensitive,client-sidedata.

How does PHP identify a user's session?May 01, 2025 am 12:23 AM

PHPidentifiesauser'ssessionusingsessioncookiesandsessionIDs.1)Whensession_start()iscalled,PHPgeneratesauniquesessionIDstoredinacookienamedPHPSESSIDontheuser'sbrowser.2)ThisIDallowsPHPtoretrievesessiondatafromtheserver.

What are some best practices for securing PHP sessions?May 01, 2025 am 12:22 AM

The security of PHP sessions can be achieved through the following measures: 1. Use session_regenerate_id() to regenerate the session ID when the user logs in or is an important operation. 2. Encrypt the transmission session ID through the HTTPS protocol. 3. Use session_save_path() to specify the secure directory to store session data and set permissions correctly.

Where are PHP session files stored by default?May 01, 2025 am 12:15 AM

PHPsessionfilesarestoredinthedirectoryspecifiedbysession.save_path,typically/tmponUnix-likesystemsorC:\Windows\TemponWindows.Tocustomizethis:1)Usesession_save_path()tosetacustomdirectory,ensuringit'swritable;2)Verifythecustomdirectoryexistsandiswrita

See all articles