Solved

force page refresh in php

Posted on 2007-11-18
14
2,108 Views
Last Modified: 2009-01-08
hi

i have a pageA.php and pageB.php
to access pageB you have to login from pageA

my problem is that once on pageB i can click on the browser back and forward button and come back to pageB.
i dont know how to do this:
i want that once on pageB, pageA must have been expirein order to force a new login when clicking on the browser back and forward button.

is there some code that can do this?

i tried

<?PHP
header( 'Expires: Mon, 26 Jul 1997 05:00:00 GMT' );
header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' );
header( 'Cache-Control: no-store, no-cache, must-revalidate' );
header( 'Cache-Control: post-check=0, pre-check=0', false );
header( 'Pragma: no-cache' );
header("Expires: 0");
?>

but with no results.

please some help
0
Comment
Question by:eaweb
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 5
  • 4
14 Comments
 
LVL 20

Expert Comment

by:steelseth12
ID: 20308235
On pageA you can check if the user is logged in and if he is you can destroy the session or cookie to force the user to log in again.
What are you using sessions or cookies ?
0
 
LVL 21

Expert Comment

by:nizsmo
ID: 20308586
the code you have will tell the browser to refresh everytime the page is loaded, however at the moment you are not setting your login to expired in pageA.php, so when the user visits pageA.php again  they are still logged in. Essentially what you would want to do is 'log out' the user if he/she is logged in when visiting pageA.php. This should be the same or similar as your logout code which you should have already, just need to implement it inot pageA.php.
0
 

Author Comment

by:eaweb
ID: 20310078
steelseth12, i am using sessions.

the problem is when clicking on the browser go back button.
on pageA i am using the follwing code to clear all session.

session_unset();
session_destroy();

but this seems to work only when clicking on a link from pageB to go back to pageA and not when using the browser go back button. i am using ie7.

pageA doesnt seem to refresh when using the browser go back button.
0
Creating Instructional Tutorials  

For Any Use & On Any Platform

Contextual Guidance at the moment of need helps your employees/users adopt software o& achieve even the most complex tasks instantly. Boost knowledge retention, software adoption & employee engagement with easy solution.

 
LVL 21

Expert Comment

by:nizsmo
ID: 20310535
i tried and tested out using a simple example, and indeed it does not work.

But have found a way, you will need to include some meta tags at the top of your pageA.php:

echo "<META HTTP-EQUIV=\"Pragma\" CONTENT=\"no-cache\">
<META HTTP-EQUIV=\"Expires\" CONTENT=\"-1\">";

this should do it, tested and works.
0
 

Author Comment

by:eaweb
ID: 20316998
no, the back and forward still works. do you known a log out script that work with session you can help me with
0
 
LVL 20

Expert Comment

by:steelseth12
ID: 20317755
eaweb when using the back button the browser reads from the cache. It doesnt reconnect to the server so you can resend the headers. So there is no way to control that. Can you explain what you want to achieve ?
0
 
LVL 21

Expert Comment

by:nizsmo
ID: 20318791
>> no, the back and forward still works. do you known a log out script that work with session you can help me with

eaweb:
I tested my solution, and the back button DOES work, but if you have the pageA.php script to UNSET any session variables if any are set, and then tell them to login again, then the meta tags will work. I have tried it and it works perfectly with the back button (prompts to login again).

if you want you can post your pageA.php and i will modfiy it for you.
0
 

Author Comment

by:eaweb
ID: 20319209
steelseth12,

what i want to achieve is that when click on the back button after a login and the the user goes back to the login page i dont want the the user to click on the forward button and go back to the page he just logged in to. i want the user to login again whenever he goes outside the application. for example to the login page
0
 
LVL 20

Expert Comment

by:steelseth12
ID: 20319309
Do you send your form by post ? If you do then it should prompt the user to refresh the page and then you should be able to destroy the session as the browser will have to request the page again.

0
 

Author Comment

by:eaweb
ID: 20319361
hi nizsmo
>>UNSET any session variables if any are set

it is already done

what do you mean by
>>and then tell them to login again

could send your tested code. i will send my code later because i am out of office right now.
0
 
LVL 21

Expert Comment

by:nizsmo
ID: 20319395
hi eaweb:

i am going to sleep as it is late here now, but in the morning i will find the example code i was working with and post it here so that you can get it working :)
0
 
LVL 20

Accepted Solution

by:
steelseth12 earned 500 total points
ID: 20319577
The only thing that gets executed is javacript so
Download the prototype framework
http://www.prototypejs.org/download

and use this code
<script src="prototype.js" language="JavaScript" type="text/javascript"></script>
 
<script type="text/javascript">
 
new Ajax.Request('check.php', {
  onSuccess: function(transport) {
      
	  if(transport.responseText == "ERROR") {
	  
	  	window.location = "logout.php";
	  
	  }
	  
  }
});
</script>
 
 
###check.php####
 
<? session_start();
 
 
if($_SESSION["login"] == true) {
 
	print "ERROR";
	
}
 
?>

Open in new window

0
 
LVL 21

Expert Comment

by:nizsmo
ID: 20336435
A very rough example, assuming your pageA.php = test55.php and pageB.php = test65.php:

test55.php:


<?PHP
session_start();
header( 'Expires: Mon, 26 Jul 1997 05:00:00 GMT' );
header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' );
header( 'Cache-Control: no-store, no-cache, must-revalidate' );
header( 'Cache-Control: post-check=0, pre-check=0', false );
header( 'Pragma: no-cache' );
header("Expires: 0");
echo "<META HTTP-EQUIV=\"Pragma\" CONTENT=\"no-cache\">
<META HTTP-EQUIV=\"Expires\" CONTENT=\"-1\">";

if(isset($_SESSION['user']))
{
      session_destroy();
      echo "user session destroyed<br>";
}


if($_REQUEST["set"]==1)
{
      echo "Successful Login! Setting session variable...";
      $_SESSION["user"] = "me";
      echo "Success!";
      echo "<a href=\"test65.php\">Click to proceed to protected area...</a>";
}
else
{
      echo "<form action=\"test65.php?set=1\" method=\"POST\"><input type=\"password\" name=\"pw\"><br><input type=\"submit\" value=\"Login\"></form>";
}

?>



test65.php:

<?php
session_start();
header( 'Expires: Mon, 26 Jul 1997 05:00:00 GMT' );
header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' );
header( 'Cache-Control: no-store, no-cache, must-revalidate' );
header( 'Cache-Control: post-check=0, pre-check=0', false );
header( 'Pragma: no-cache' );
header("Expires: 0");
echo "<META HTTP-EQUIV=\"Pragma\" CONTENT=\"no-cache\">
<META HTTP-EQUIV=\"Expires\" CONTENT=\"-1\">";


if($_REQUEST["set"]==1)
{
      echo "Successful Login! Setting session variable...";
      $_SESSION["user"] = "me";
      echo "Success!";
      //echo "<a href=\"test65.php\">Click to proceed to protected area...</a>";
}

if(!isset($_SESSION["user"]))
{
      header("Location: test55.php");
}
else
{
      echo "<br><br>Top secret stuff!";
}
?>


hope this somehow illustrates the use i mentioned above.
0
 
LVL 20

Expert Comment

by:steelseth12
ID: 20336585
@nizsmo

session_start();
header( 'Expires: Mon, 26 Jul 1997 05:00:00 GMT' );
header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' );
header( 'Cache-Control: no-store, no-cache, must-revalidate' );
header( 'Cache-Control: post-check=0, pre-check=0', false );
header( 'Pragma: no-cache' );
header("Expires: 0");
echo "<META HTTP-EQUIV=\"Pragma\" CONTENT=\"no-cache\">
<META HTTP-EQUIV=\"Expires\" CONTENT=\"-1\">";

DOES NOTHING

if(isset($_SESSION['user']))
{
      session_destroy();
      echo "user session destroyed<br>";
}

DOES NOTING

You are checking if a variable is set in the $_GET superglobal

You might as well check

if(basename($_SERVER["php_self"])==test55.php) {

do what ever

or if(1==1) {


Deleting everything from your code and just leaving

test55.php

<?PHP


if($_REQUEST["set"]==1)
{
      echo "Successful Login! Setting session variable...";
      $_SESSION["user"] = "me";
      echo "Success!";
      echo "<a href=\"test65.php\">Click to proceed to protected area...</a>";
}
else
{
      echo "<form action=\"test65.php?set=1\" method=\"POST\"><input type=\"password\" name=\"pw\"><br><input type=\"submit\" value=\"Login\"></form>";
}

?>

and

test65.php

<?php



if($_REQUEST["set"]==1)
{
      echo "Successful Login! Setting session variable...";
      $_SESSION["user"] = "me";
      echo "Success!";
      //echo "<a href=\"test65.php\">Click to proceed to protected area...</a>";
}

if(!isset($_SESSION["user"]))
{
      header("Location: test55.php");
}
else
{
      echo "<br><br>Top secret stuff!";
}
?>

still works

or even just leaving

echo "<form action=\"test65.php?set=1\" method=\"POST\"><input type=\"password\" name=\"pw\"><br><input type=\"submit\" value=\"Login\"></form>";

again it works

OR even not check at all just display the form when ever the user visits test55.php
0

Featured Post

[Webinar] Code, Load, and Grow

Managing multiple websites, servers, applications, and security on a daily basis? Join us for a webinar on May 25th to learn how to simplify administration and management of virtual hosts for IT admins, create a secure environment, and deploy code more effectively and frequently.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
JSON decode 5 46
What kind of script/language created this graph? 6 65
How to open a new browser tab after executing php script 20 49
php time 12 25
Author Note: Since this E-E article was originally written, years ago, formal testing has come into common use in the world of PHP.  PHPUnit (http://en.wikipedia.org/wiki/PHPUnit) and similar technologies have enjoyed wide adoption, making it possib…
Password hashing is better than message digests or encryption, and you should be using it instead of message digests or encryption.  Find out why and how in this article, which supplements the original article on PHP Client Registration, Login, Logo…
Explain concepts important to validation of email addresses with regular expressions. Applies to most languages/tools that uses regular expressions. Consider email address RFCs: Look at HTML5 form input element (with type=email) regex pattern: T…
This tutorial will teach you the core code needed to finalize the addition of a watermark to your image. The viewer will use a small PHP class to learn and create a watermark.

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question