Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

force page refresh in php

Posted on 2007-11-18
14
Medium Priority
?
2,112 Views
Last Modified: 2009-01-08
hi

i have a pageA.php and pageB.php
to access pageB you have to login from pageA

my problem is that once on pageB i can click on the browser back and forward button and come back to pageB.
i dont know how to do this:
i want that once on pageB, pageA must have been expirein order to force a new login when clicking on the browser back and forward button.

is there some code that can do this?

i tried

<?PHP
header( 'Expires: Mon, 26 Jul 1997 05:00:00 GMT' );
header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' );
header( 'Cache-Control: no-store, no-cache, must-revalidate' );
header( 'Cache-Control: post-check=0, pre-check=0', false );
header( 'Pragma: no-cache' );
header("Expires: 0");
?>

but with no results.

please some help
0
Comment
Question by:eaweb
  • 5
  • 5
  • 4
14 Comments
 
LVL 20

Expert Comment

by:steelseth12
ID: 20308235
On pageA you can check if the user is logged in and if he is you can destroy the session or cookie to force the user to log in again.
What are you using sessions or cookies ?
0
 
LVL 21

Expert Comment

by:nizsmo
ID: 20308586
the code you have will tell the browser to refresh everytime the page is loaded, however at the moment you are not setting your login to expired in pageA.php, so when the user visits pageA.php again  they are still logged in. Essentially what you would want to do is 'log out' the user if he/she is logged in when visiting pageA.php. This should be the same or similar as your logout code which you should have already, just need to implement it inot pageA.php.
0
 

Author Comment

by:eaweb
ID: 20310078
steelseth12, i am using sessions.

the problem is when clicking on the browser go back button.
on pageA i am using the follwing code to clear all session.

session_unset();
session_destroy();

but this seems to work only when clicking on a link from pageB to go back to pageA and not when using the browser go back button. i am using ie7.

pageA doesnt seem to refresh when using the browser go back button.
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 21

Expert Comment

by:nizsmo
ID: 20310535
i tried and tested out using a simple example, and indeed it does not work.

But have found a way, you will need to include some meta tags at the top of your pageA.php:

echo "<META HTTP-EQUIV=\"Pragma\" CONTENT=\"no-cache\">
<META HTTP-EQUIV=\"Expires\" CONTENT=\"-1\">";

this should do it, tested and works.
0
 

Author Comment

by:eaweb
ID: 20316998
no, the back and forward still works. do you known a log out script that work with session you can help me with
0
 
LVL 20

Expert Comment

by:steelseth12
ID: 20317755
eaweb when using the back button the browser reads from the cache. It doesnt reconnect to the server so you can resend the headers. So there is no way to control that. Can you explain what you want to achieve ?
0
 
LVL 21

Expert Comment

by:nizsmo
ID: 20318791
>> no, the back and forward still works. do you known a log out script that work with session you can help me with

eaweb:
I tested my solution, and the back button DOES work, but if you have the pageA.php script to UNSET any session variables if any are set, and then tell them to login again, then the meta tags will work. I have tried it and it works perfectly with the back button (prompts to login again).

if you want you can post your pageA.php and i will modfiy it for you.
0
 

Author Comment

by:eaweb
ID: 20319209
steelseth12,

what i want to achieve is that when click on the back button after a login and the the user goes back to the login page i dont want the the user to click on the forward button and go back to the page he just logged in to. i want the user to login again whenever he goes outside the application. for example to the login page
0
 
LVL 20

Expert Comment

by:steelseth12
ID: 20319309
Do you send your form by post ? If you do then it should prompt the user to refresh the page and then you should be able to destroy the session as the browser will have to request the page again.

0
 

Author Comment

by:eaweb
ID: 20319361
hi nizsmo
>>UNSET any session variables if any are set

it is already done

what do you mean by
>>and then tell them to login again

could send your tested code. i will send my code later because i am out of office right now.
0
 
LVL 21

Expert Comment

by:nizsmo
ID: 20319395
hi eaweb:

i am going to sleep as it is late here now, but in the morning i will find the example code i was working with and post it here so that you can get it working :)
0
 
LVL 20

Accepted Solution

by:
steelseth12 earned 2000 total points
ID: 20319577
The only thing that gets executed is javacript so
Download the prototype framework
http://www.prototypejs.org/download

and use this code
<script src="prototype.js" language="JavaScript" type="text/javascript"></script>
 
<script type="text/javascript">
 
new Ajax.Request('check.php', {
  onSuccess: function(transport) {
      
	  if(transport.responseText == "ERROR") {
	  
	  	window.location = "logout.php";
	  
	  }
	  
  }
});
</script>
 
 
###check.php####
 
<? session_start();
 
 
if($_SESSION["login"] == true) {
 
	print "ERROR";
	
}
 
?>

Open in new window

0
 
LVL 21

Expert Comment

by:nizsmo
ID: 20336435
A very rough example, assuming your pageA.php = test55.php and pageB.php = test65.php:

test55.php:


<?PHP
session_start();
header( 'Expires: Mon, 26 Jul 1997 05:00:00 GMT' );
header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' );
header( 'Cache-Control: no-store, no-cache, must-revalidate' );
header( 'Cache-Control: post-check=0, pre-check=0', false );
header( 'Pragma: no-cache' );
header("Expires: 0");
echo "<META HTTP-EQUIV=\"Pragma\" CONTENT=\"no-cache\">
<META HTTP-EQUIV=\"Expires\" CONTENT=\"-1\">";

if(isset($_SESSION['user']))
{
      session_destroy();
      echo "user session destroyed<br>";
}


if($_REQUEST["set"]==1)
{
      echo "Successful Login! Setting session variable...";
      $_SESSION["user"] = "me";
      echo "Success!";
      echo "<a href=\"test65.php\">Click to proceed to protected area...</a>";
}
else
{
      echo "<form action=\"test65.php?set=1\" method=\"POST\"><input type=\"password\" name=\"pw\"><br><input type=\"submit\" value=\"Login\"></form>";
}

?>



test65.php:

<?php
session_start();
header( 'Expires: Mon, 26 Jul 1997 05:00:00 GMT' );
header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' );
header( 'Cache-Control: no-store, no-cache, must-revalidate' );
header( 'Cache-Control: post-check=0, pre-check=0', false );
header( 'Pragma: no-cache' );
header("Expires: 0");
echo "<META HTTP-EQUIV=\"Pragma\" CONTENT=\"no-cache\">
<META HTTP-EQUIV=\"Expires\" CONTENT=\"-1\">";


if($_REQUEST["set"]==1)
{
      echo "Successful Login! Setting session variable...";
      $_SESSION["user"] = "me";
      echo "Success!";
      //echo "<a href=\"test65.php\">Click to proceed to protected area...</a>";
}

if(!isset($_SESSION["user"]))
{
      header("Location: test55.php");
}
else
{
      echo "<br><br>Top secret stuff!";
}
?>


hope this somehow illustrates the use i mentioned above.
0
 
LVL 20

Expert Comment

by:steelseth12
ID: 20336585
@nizsmo

session_start();
header( 'Expires: Mon, 26 Jul 1997 05:00:00 GMT' );
header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' );
header( 'Cache-Control: no-store, no-cache, must-revalidate' );
header( 'Cache-Control: post-check=0, pre-check=0', false );
header( 'Pragma: no-cache' );
header("Expires: 0");
echo "<META HTTP-EQUIV=\"Pragma\" CONTENT=\"no-cache\">
<META HTTP-EQUIV=\"Expires\" CONTENT=\"-1\">";

DOES NOTHING

if(isset($_SESSION['user']))
{
      session_destroy();
      echo "user session destroyed<br>";
}

DOES NOTING

You are checking if a variable is set in the $_GET superglobal

You might as well check

if(basename($_SERVER["php_self"])==test55.php) {

do what ever

or if(1==1) {


Deleting everything from your code and just leaving

test55.php

<?PHP


if($_REQUEST["set"]==1)
{
      echo "Successful Login! Setting session variable...";
      $_SESSION["user"] = "me";
      echo "Success!";
      echo "<a href=\"test65.php\">Click to proceed to protected area...</a>";
}
else
{
      echo "<form action=\"test65.php?set=1\" method=\"POST\"><input type=\"password\" name=\"pw\"><br><input type=\"submit\" value=\"Login\"></form>";
}

?>

and

test65.php

<?php



if($_REQUEST["set"]==1)
{
      echo "Successful Login! Setting session variable...";
      $_SESSION["user"] = "me";
      echo "Success!";
      //echo "<a href=\"test65.php\">Click to proceed to protected area...</a>";
}

if(!isset($_SESSION["user"]))
{
      header("Location: test55.php");
}
else
{
      echo "<br><br>Top secret stuff!";
}
?>

still works

or even just leaving

echo "<form action=\"test65.php?set=1\" method=\"POST\"><input type=\"password\" name=\"pw\"><br><input type=\"submit\" value=\"Login\"></form>";

again it works

OR even not check at all just display the form when ever the user visits test55.php
0

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article discusses four methods for overlaying images in a container on a web page
There are times when I have encountered the need to decompress a response from a PHP request. This is how it's done, but you must have control of the request and you can set the Accept-Encoding header.
Explain concepts important to validation of email addresses with regular expressions. Applies to most languages/tools that uses regular expressions. Consider email address RFCs: Look at HTML5 form input element (with type=email) regex pattern: T…
The viewer will learn how to dynamically set the form action using jQuery.
Suggested Courses

972 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question