  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 641

PHP Session variables not destroyed with Internet Explorer IE (or cache problems)

Hello,

I have a web form on PAGE A that gets sent to PAGE B for processing. PAGE B validates the data, inserts it into a MYSQL database. The record ID that is generated from the INSERT is placed into a SESSION variable.  PAGE B has a button on it. When user clicks button, it goes to PAGE C, which uses the class FPDF to generate a nice PDF Form that the user prints out. PAGE C uses the SESSION variable created on PAGE B to find the correct record.
 
PAGE A does all of the SESSION DESTROY/COOKIE DESTROY stuff to erase all personal data in case someone goes from PAGE C to PAGE A without closing the browser window. When I print out the session data on this page, it is blank, so I feel confident that this is happening correctly.

In Firefox, the system works fine... But in I.E., the SESSION variable of the first person to fill out the form since the browser window has been open will persist. Or, if it doesn't persist, IE is somehow caching the old PAGE 3 and reprinting the previous record.

This is not good for privacy purposes.

Is there anything I can do to force IE to purge its cache?

Thanks,
aberns
 
JonasLedel commented:
Have you tried the header value:

header("Cache-Control: no-cache, must-revalidate");

You could also try specifying the "Expires" header value to a date in the past.

This should prevent the browsers from caching the page.
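The headers suggested above, together with the session teardown the question describes for PAGE A, as an added example that is not part of the original thread. The function names and the `record_id` session key are assumptions, and `no-store` and `Pragma` go slightly beyond the single header in the answer.

```php
<?php
// Added example, not code from the thread. Function names and the
// 'record_id' session key are assumptions made for illustration.

// PAGE C: call before any output, i.e. before FPDF's Output().
function send_no_cache_headers(): void
{
    if (headers_sent($file, $line)) {
        // Headers can no longer be changed; fail loudly instead of
        // silently serving a cacheable page with personal data.
        throw new RuntimeException("Output already started at $file:$line");
    }
    // no-store tells browsers and proxies not to keep a copy at all.
    header('Cache-Control: no-store, no-cache, must-revalidate, max-age=0');
    header('Pragma: no-cache');                        // HTTP/1.0 caches
    header('Expires: Thu, 01 Jan 1970 00:00:00 GMT');  // date in the past
}

// PAGE A: remove the server-side data and expire the session cookie,
// so an open browser window cannot resend a still-valid session ID.
function end_session(): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    $_SESSION = [];
    if (ini_get('session.use_cookies')) {
        $p = session_get_cookie_params();
        setcookie(session_name(), '', time() - 42000,
            $p['path'], $p['domain'], $p['secure'], $p['httponly']);
    }
    session_destroy();
}

// PAGE C, sketched: refuse to render when no record is bound to the session.
session_start();
send_no_cache_headers();
if (!isset($_SESSION['record_id'])) {
    http_response_code(403);
    exit('No record for this session.');
}
$recordId = (int) $_SESSION['record_id'];
// ... look up $recordId and build the PDF with FPDF here ...
```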
 
Ray Paseur commented:
aberns: Have you tested this system with more than one copy of the browser running?  In practice this is a rare occurrence, but in testing you can have something goofy happen.  Here is why.

The session handler sets a cookie on the browser.  If you have any instance of that browser open, the cookie persists and all instances of the browser are able to resend the cookie.  Symptoms seem like, "I just logged off, and yet it still has me logged in, etc."

There is no practical fix for this - it is just the way sessions and cookies interact with the browser.  But as I said, in practice this is very rare.

HTH, ~Ray
 
aberns (author) commented:
Hi Guys,

Thanks for your responses. I have been pulled off onto another project, but I will revisit this issue tomorrow and try the things you've suggested, both in terms of the no-cache statements, and the multiple browsers opened at once.

For now, I am sending POST variables instead of SESSION, which has solved the problem.

But I wonder in general, when collecting variables for Ecommerce or some other personal data, what is the gold standard in terms of collecting and passing variables? Encryption is of course assumed. Thanks.
 
Ray Paseur commented:
SSL is all you need when you collect the data. Depending on the risk of exposure, you might want to encrypt the data whenever it is stored in a database or transmitted over the internet.  If you want help on this, please post a question about "Sending encrypted data" and I'll be glad to show you my teaching samples on the topic.

One noteworthy matter... It is notoriously hard to debug data-dependent errors when the data is encrypted, so plan your appdev budget accordingly!!

Best, ~Ray
 
aberns (author) commented:
Thanks to both of you for the reply. I am just going to stick with POST and SSL.

 
aberns (author) commented:
Ray,

Thanks. Look for the question "Sending encrypted data" shortly.

I am also going to be posting a follow-up question to an excellent solution you provided on June 11 2009, entitled "modify javascript to dynamically generate form fields as array rather than appending numbers" in the JavaScript section, if you are interested.

Thanks again for sharing your expertise!
 
Ray Paseur commented:
10-4, and thanks for the points, ~Ray