Solved

force page refresh in php

Posted on 2007-11-18
14
2,095 Views
Last Modified: 2009-01-08
hi

i have a pageA.php and pageB.php
to access pageB you have to login from pageA

my problem is that once on pageB i can click on the browser back and forward button and come back to pageB.
i dont know how to do this:
i want that once on pageB, pageA must have been expirein order to force a new login when clicking on the browser back and forward button.

is there some code that can do this?

i tried

<?PHP
header( 'Expires: Mon, 26 Jul 1997 05:00:00 GMT' );
header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' );
header( 'Cache-Control: no-store, no-cache, must-revalidate' );
header( 'Cache-Control: post-check=0, pre-check=0', false );
header( 'Pragma: no-cache' );
header("Expires: 0");
?>

but with no results.

please some help
0
Comment
Question by:eaweb
  • 5
  • 5
  • 4
14 Comments
 
LVL 20

Expert Comment

by:steelseth12
ID: 20308235
On pageA you can check if the user is logged in and if he is you can destroy the session or cookie to force the user to log in again.
What are you using sessions or cookies ?
0
 
LVL 21

Expert Comment

by:nizsmo
ID: 20308586
the code you have will tell the browser to refresh everytime the page is loaded, however at the moment you are not setting your login to expired in pageA.php, so when the user visits pageA.php again  they are still logged in. Essentially what you would want to do is 'log out' the user if he/she is logged in when visiting pageA.php. This should be the same or similar as your logout code which you should have already, just need to implement it inot pageA.php.
0
 

Author Comment

by:eaweb
ID: 20310078
steelseth12, i am using sessions.

the problem is when clicking on the browser go back button.
on pageA i am using the follwing code to clear all session.

session_unset();
session_destroy();

but this seems to work only when clicking on a link from pageB to go back to pageA and not when using the browser go back button. i am using ie7.

pageA doesnt seem to refresh when using the browser go back button.
0
 
LVL 21

Expert Comment

by:nizsmo
ID: 20310535
i tried and tested out using a simple example, and indeed it does not work.

But have found a way, you will need to include some meta tags at the top of your pageA.php:

echo "<META HTTP-EQUIV=\"Pragma\" CONTENT=\"no-cache\">
<META HTTP-EQUIV=\"Expires\" CONTENT=\"-1\">";

this should do it, tested and works.
0
 

Author Comment

by:eaweb
ID: 20316998
no, the back and forward still works. do you known a log out script that work with session you can help me with
0
 
LVL 20

Expert Comment

by:steelseth12
ID: 20317755
eaweb when using the back button the browser reads from the cache. It doesnt reconnect to the server so you can resend the headers. So there is no way to control that. Can you explain what you want to achieve ?
0
 
LVL 21

Expert Comment

by:nizsmo
ID: 20318791
>> no, the back and forward still works. do you known a log out script that work with session you can help me with

eaweb:
I tested my solution, and the back button DOES work, but if you have the pageA.php script to UNSET any session variables if any are set, and then tell them to login again, then the meta tags will work. I have tried it and it works perfectly with the back button (prompts to login again).

if you want you can post your pageA.php and i will modfiy it for you.
0
Why You Should Analyze Threat Actor TTPs

After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

 

Author Comment

by:eaweb
ID: 20319209
steelseth12,

what i want to achieve is that when click on the back button after a login and the the user goes back to the login page i dont want the the user to click on the forward button and go back to the page he just logged in to. i want the user to login again whenever he goes outside the application. for example to the login page
0
 
LVL 20

Expert Comment

by:steelseth12
ID: 20319309
Do you send your form by post ? If you do then it should prompt the user to refresh the page and then you should be able to destroy the session as the browser will have to request the page again.

0
 

Author Comment

by:eaweb
ID: 20319361
hi nizsmo
>>UNSET any session variables if any are set

it is already done

what do you mean by
>>and then tell them to login again

could send your tested code. i will send my code later because i am out of office right now.
0
 
LVL 21

Expert Comment

by:nizsmo
ID: 20319395
hi eaweb:

i am going to sleep as it is late here now, but in the morning i will find the example code i was working with and post it here so that you can get it working :)
0
 
LVL 20

Accepted Solution

by:
steelseth12 earned 500 total points
ID: 20319577
The only thing that gets executed is javacript so
Download the prototype framework
http://www.prototypejs.org/download

and use this code
<script src="prototype.js" language="JavaScript" type="text/javascript"></script>
 

<script type="text/javascript">
 

new Ajax.Request('check.php', {

  onSuccess: function(transport) {

      

	  if(transport.responseText == "ERROR") {

	  

	  	window.location = "logout.php";

	  

	  }

	  

  }

});

</script>
 
 

###check.php####
 

<? session_start();
 
 

if($_SESSION["login"] == true) {
 

	print "ERROR";

	

}
 

?>

Open in new window

0
 
LVL 21

Expert Comment

by:nizsmo
ID: 20336435
A very rough example, assuming your pageA.php = test55.php and pageB.php = test65.php:

test55.php:


<?PHP
session_start();
header( 'Expires: Mon, 26 Jul 1997 05:00:00 GMT' );
header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' );
header( 'Cache-Control: no-store, no-cache, must-revalidate' );
header( 'Cache-Control: post-check=0, pre-check=0', false );
header( 'Pragma: no-cache' );
header("Expires: 0");
echo "<META HTTP-EQUIV=\"Pragma\" CONTENT=\"no-cache\">
<META HTTP-EQUIV=\"Expires\" CONTENT=\"-1\">";

if(isset($_SESSION['user']))
{
      session_destroy();
      echo "user session destroyed<br>";
}


if($_REQUEST["set"]==1)
{
      echo "Successful Login! Setting session variable...";
      $_SESSION["user"] = "me";
      echo "Success!";
      echo "<a href=\"test65.php\">Click to proceed to protected area...</a>";
}
else
{
      echo "<form action=\"test65.php?set=1\" method=\"POST\"><input type=\"password\" name=\"pw\"><br><input type=\"submit\" value=\"Login\"></form>";
}

?>



test65.php:

<?php
session_start();
header( 'Expires: Mon, 26 Jul 1997 05:00:00 GMT' );
header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' );
header( 'Cache-Control: no-store, no-cache, must-revalidate' );
header( 'Cache-Control: post-check=0, pre-check=0', false );
header( 'Pragma: no-cache' );
header("Expires: 0");
echo "<META HTTP-EQUIV=\"Pragma\" CONTENT=\"no-cache\">
<META HTTP-EQUIV=\"Expires\" CONTENT=\"-1\">";


if($_REQUEST["set"]==1)
{
      echo "Successful Login! Setting session variable...";
      $_SESSION["user"] = "me";
      echo "Success!";
      //echo "<a href=\"test65.php\">Click to proceed to protected area...</a>";
}

if(!isset($_SESSION["user"]))
{
      header("Location: test55.php");
}
else
{
      echo "<br><br>Top secret stuff!";
}
?>


hope this somehow illustrates the use i mentioned above.
0
 
LVL 20

Expert Comment

by:steelseth12
ID: 20336585
@nizsmo

session_start();
header( 'Expires: Mon, 26 Jul 1997 05:00:00 GMT' );
header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' );
header( 'Cache-Control: no-store, no-cache, must-revalidate' );
header( 'Cache-Control: post-check=0, pre-check=0', false );
header( 'Pragma: no-cache' );
header("Expires: 0");
echo "<META HTTP-EQUIV=\"Pragma\" CONTENT=\"no-cache\">
<META HTTP-EQUIV=\"Expires\" CONTENT=\"-1\">";

DOES NOTHING

if(isset($_SESSION['user']))
{
      session_destroy();
      echo "user session destroyed<br>";
}

DOES NOTING

You are checking if a variable is set in the $_GET superglobal

You might as well check

if(basename($_SERVER["php_self"])==test55.php) {

do what ever

or if(1==1) {


Deleting everything from your code and just leaving

test55.php

<?PHP


if($_REQUEST["set"]==1)
{
      echo "Successful Login! Setting session variable...";
      $_SESSION["user"] = "me";
      echo "Success!";
      echo "<a href=\"test65.php\">Click to proceed to protected area...</a>";
}
else
{
      echo "<form action=\"test65.php?set=1\" method=\"POST\"><input type=\"password\" name=\"pw\"><br><input type=\"submit\" value=\"Login\"></form>";
}

?>

and

test65.php

<?php



if($_REQUEST["set"]==1)
{
      echo "Successful Login! Setting session variable...";
      $_SESSION["user"] = "me";
      echo "Success!";
      //echo "<a href=\"test65.php\">Click to proceed to protected area...</a>";
}

if(!isset($_SESSION["user"]))
{
      header("Location: test55.php");
}
else
{
      echo "<br><br>Top secret stuff!";
}
?>

still works

or even just leaving

echo "<form action=\"test65.php?set=1\" method=\"POST\"><input type=\"password\" name=\"pw\"><br><input type=\"submit\" value=\"Login\"></form>";

again it works

OR even not check at all just display the form when ever the user visits test55.php
0

Featured Post

Threat Intelligence Starter Resources

Integrating threat intelligence can be challenging, and not all companies are ready. These resources can help you build awareness and prepare for defense.

Join & Write a Comment

Introduction HTML checkboxes provide the perfect way for a web developer to receive client input when the client's options might be none, one or many.  But the PHP code for processing the checkboxes can be confusing at first.  What if a checkbox is…
Generating table dynamically is the most common issue faced by php developers.... So it seems there is a need of an article that explains the basic concept of generating tables dynamically. It just requires a basic knowledge of html and little maths…
The viewer will learn how to dynamically set the form action using jQuery.
The viewer will learn how to count occurrences of each item in an array.

708 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now