Solved

Back button: "The page cannot be displayed"

Posted on 2004-10-03
13
342 Views
Last Modified: 2012-06-21
Hi, I have a whole site set up in PHP, and only one problem (at the moment).  The user goes to the login page, logs in, form info is submitted to test.php, the redirected to home.php.  From there the user clicks on any link, goes to page1.php.  Then hits back, and gets a "The page cannot be displayed" error.  If the reload button is hit, home.php comes up fine, without even loosing any session variables.  What is even wierder is that this only has to be done once.  After that they can press back and it goes to home.php witout having to reload.

I have a line `header("Cache-control: public");` at the top, and this hasn't fixed it.  This is not really in my area of php, so I am hoping someone knows how to deal with this.  This same question was asked before and I found it in my search, but I couldn't glean a real answer to it.  Thanks in advance.
0
Comment
Question by:zixp
  • 8
  • 5
13 Comments
 
LVL 27

Expert Comment

by:Diablo84
Comment Utility
try

header("Cache-control: private");

after

session_start();
0
 
LVL 27

Expert Comment

by:Diablo84
Comment Utility
It sounds like the IE6 bug that comes up when using sessions, discussed here: http://www.phpfreaks.com/tutorials/41/1.php
0
 

Author Comment

by:zixp
Comment Utility
sorry, I meant to say that I had tried private as well
0
 
LVL 27

Expert Comment

by:Diablo84
Comment Utility
hmm, that one usually resolves this problem, you have definitely added the header before any output? (echo/print, html, new lines outside of <?php tags).

Just checking before looking towards a work around.
0
 
LVL 27

Expert Comment

by:Diablo84
Comment Utility
Failing that heres a couple of ideas off the top of my head:

1) Prevent caching of the form page altogether (take note as i recall this does not usually fix this problem but as the traditional fix here has failed its something to try):

header("Cache-Control: no-store, no-cache, must-revalidate");
header("Cache-Control: post-check=0, pre-check=0", false);
header("Pragma: no-cache");

http://www.php.net/manual/en/function.header.php

Same principles as usual with headers, before any output they must go.

2) Not sure how well this one will work here, this is typically the method i use to prevent a page resending form data upon refresh.

Point the form the the current page, ie actioon="<?php echo $_SERVER['PHP_SELF']; ?>" then assign the post data to session variables temporarily, for example, at the start of the file

session_start();

if (isset($_POST['submit'])) {
 $_SESSION['username'] = $_POST['username'];
 $_SESSION['password'] = $_POST['password'];
 header("location: your_processing_page.php");
 exit;
}

On the processing page (make sure you have session_start(); at the top of it) you can then validate the data as you would normally only referencing the session variables rather then the post variables, after validation you can then reset the values and do what ever needs to be done. This should in theory avoid the page cannot be displayed error however its an untested unusual method for this purpose.

The last thing i would suggest you do, prehaps before any of the above, is turn on error reporting for the script temporarily just to make sure that the headers you tried initially (in particular the private cache one) were being sent correctly. You can do this by adding:

error_reporting(E_ALL ^ E_NOTICE);

To the top of your file.

I will doubtfully be checking back before tomorrow so if the problem persists post back and i will either return to the issue in the morning or someone else will be able to provide you with help. Best of luck in the mean time.

|)iablo

0
 

Author Comment

by:zixp
Comment Utility
After having tried your suggestions I must sadly report that none seems to have changed anything.  I did however realize that I cut out the intermediary php page, so here is what it looks like (pseudo code):

login.php:
          post:username
          post:password
             submit:home.php
home.php
          if !isset($_session vars)  && isset($_post vars),
               post vars => session vars
          else check_login_and_pass()
page1.php
          check_login_and_pass()
          <a href="home.php">
home.php
====It is at this point that the page cannot be displayed until it is refreshed=====
--[REFRESH]--
home.php
         <a href="page1.php">
page1.php
         <a href="home.php">
home.php
         No problems loading anymore.


Strange, and like I said, I have tried all sorts of cache-limiting headers on home.php, including the ones that you had there.

I will increase the points
0
What Security Threats Are You Missing?

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

 
LVL 27

Expert Comment

by:Diablo84
Comment Utility
Does it also happen when clicking the link back to home.php for the first time or is it just when hitting back in your browser?

Can you also post your code from home.php, atleast the relevant part that handles the post and sessions, i would like to have a look and see whats going wrong here if possible.
0
 

Author Comment

by:zixp
Comment Utility
1) No, as a matter of fact it does not have this problem when clicking on the home link. I forgot to mention that.

2)
::LOGIN.HTML::
<html><head></head><body>
<form name="login" method="post" action="home.php">
</body</html>

::HOME.PHP::
<?php

//error_reporting(E_ALL ^ E_NOTICE);
//ini_set("error_reporting"," E_ALL & ~E_NOTICE");

session_start();
header("Cache-Control: no-store, no-cache, must-revalidate");
header("Cache-Control: post-check=0, pre-check=0", false);
header("Pragma: no-cache");

if ( !isset($HTTP_SESSION_VARS['username']) && (isset($_POST))){
      
      //get vars from $_POST
      if ((!$HTTP_POST_VARS['username']) || (!$HTTP_POST_VARS['pass'])){ echo "you must <a href=\"http://***.***.com\">log in</a>"; exit;}
      
      $username = $HTTP_POST_VARS['username'];
      $pass = $HTTP_POST_VARS['pass'];

      //convert to $_SESSION
      $HTTP_SESSION_VARS['username'] = $username;
      $HTTP_SESSION_VARS['canary'] = 'set in home';
      $HTTP_SESSION_VARS['encryptpass'] = crypt($pass, $username);

      //clean up variables for security
      unset($HTTP_POST_VARS['username']);
      unset($HTTP_POST_VARS['pass']);
      unset($pass);
}

require ("credentials.php");
?>
<html>
<head>
...
::CREDENTIALS.PHP::
@session_start();
@$login = addslashes($HTTP_SESSION_VARS['username']);
@$password = addslashes($HTTP_SESSION_VARS['encryptpass']);
if ( $HTTP_SESSION_VARS['username'] == "" || $HTTP_SESSION_VARS['encryptpass'] == ""){echo "Im sorry, but you must be logged in to see this page. Please <a href=\"http://***.***.com\">login</a>"; exit;}
if (!$login || !$password){echo "You are not authoirzied to view this page";}
          ...the script then proceedes to look up the user from the database

and BTW, dont worry about $HTTP_SESSION instead of $_SESSION, or the like for post, I have heard it before, but thats how I learned it, and there is no real reason to go and change it.


0
 
LVL 27

Accepted Solution

by:
Diablo84 earned 450 total points
Comment Utility
Ok, as there isn't as such an error with your code i am going to have to target potential suspects within your script as it were to try and find the cause.


>> if ( !isset($HTTP_SESSION_VARS['username']) && (isset($_POST))){

The post array is always set* so you should focus on checking a specific post array item,
eg: if (!isset($HTTP_SESSION_VARS['username']) && isset($_POST['username'])){

* You will notice that

if (isset($_POST)) echo "POST array is set";

will always return true


>> @session_start();

If CREDENTIALS.PHP is -only- being included in HOME.PHP (as opposed to being accessed directly) then you do not need to declare session start again as it will only result in a notice and will be ignored by the interpreter. I presume the reason you are supressing errors for this line may mean that it is also accessed directly.


There is not a lot else wrong with your code so if you could try the above and see how that works out. Also if you have the Firefox or Mozilla browser available could you try the script there, i suspect it may just be an IE bug again.


>> and BTW, dont worry about $HTTP_SESSION instead of $_SESSION, or the like for post...

Thats definitely a personal preference matter at this point in time so no problem. It is however likely that at some point they will chose to deprecate the old methods so as long as you are aware of the "current method" its ok.
0
 

Author Comment

by:zixp
Comment Utility
still no dice. Furthermore,  I have the same list of no-cache headers in login.html, but it keeps resubmitting bad post info if your login is incorrect.  Is there some header that says something like header("I_am_so_serriously, dont_cache_this")?
0
 
LVL 27

Expert Comment

by:Diablo84
Comment Utility
:) In a perfect world

>>  it keeps resubmitting bad post info if your login is incorrect

This sounds dubious, its either the post data being resent or prehaps data being recalled from a cookie, not sure without seeing code.

And speaking of which i think we could end up going around in circles with this one, it would be easier if i could see the error for myself and figure out the problem that way, so, could you possibly post the code from each of the scripts involved here (minus anything which has nothing to do with the problem - queries etc). If i can reconstruct the problem i may be able to get to the bottom of it.
0
 

Author Comment

by:zixp
Comment Utility
You have more than earned any points for this question, even though I havent fixed it yet.  So I will accept your answer, and if you are so inclined you can contact me at 34263406@ithrowmylifeaway.com (a disposable email) and I will send you the code.  I take no offense if you dont though.

Thank you for your effort to help me.
0
 
LVL 27

Expert Comment

by:Diablo84
Comment Utility
no problem zixp

if you could zip the files and send them to the address i my profile i will be happy to have a look through them for you when i have the chance.

0

Featured Post

Enabling OSINT in Activity Based Intelligence

Activity based intelligence (ABI) requires access to all available sources of data. Recorded Future allows analysts to observe structured data on the open, deep, and dark web.

Join & Write a Comment

Password hashing is better than message digests or encryption, and you should be using it instead of message digests or encryption.  Find out why and how in this article, which supplements the original article on PHP Client Registration, Login, Logo‚Ķ
This article discusses four methods for overlaying images in a container on a web page
The viewer will learn how to dynamically set the form action using jQuery.
The viewer will learn how to look for a specific file type in a local or remote server directory using PHP.

728 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now