Dear Php Experts

I created few php file :
Login Page - loginform.php
this page takes user id and password and fetch department from database then it post them to :
Checking File - userchek.php
where session is created if id password and every think goes fine other wise login failed message displayed. And if it is valid user then they goes to:
Main Page - member.php
Every thing is OK. My problem is
But if user click on back button of browser then it goes back to login page and again if user click on browser forward button it comes back to Main page without verification. Now I want help to manage these two bowser buttons.
Means after login if user go back then they should not get the Main page without login.

How can I do this Can any one guide me.

Thank you for your guidence in advance
Please see the attached file for code

Recommended Answers

Dear Php Experts

I created few php file :
Login Page - loginform.php
this page takes user id and password and fetch department from database then it post them to :
Checking File - userchek.php
where session is created if id password and every think goes fine other …

Jump to Post

Dear Venkat
Can you help me to clear my doubt what you instructed...!
When any user go back or leave the Main page then do I need to end his session, if so, please tell me how to do this and where to embed the code...!
Please see the security.php …

Jump to Post

m really sorry i didnt read ur problem completely...
When u hit "back" button... the page is loaded from the cache of your browser.
To avoid this, include these lines to your restricted pages(ie which can be viewed only after login)

header(“Pragma: no-cache”);
header(“cache-Control: no-cache, must-revalidate”); // …
Jump to Post

All 10 Replies

Dear Php Experts

I created few php file :
Login Page - loginform.php
this page takes user id and password and fetch department from database then it post them to :
Checking File - userchek.php
where session is created if id password and every think goes fine other wise login failed message displayed. And if it is valid user then they goes to:
Main Page - member.php
Every thing is OK. My problem is
But if user click on back button of browser then it goes back to login page and again if user click on browser forward button it comes back to Main page without verification. Now I want help to manage these two bowser buttons.
Means after login if user go back then they should not get the Main page without login.

How can I do this Can any one guide me.

Thank you for your guidence in advance
Please see the attached file for code

Its pretty simple task to achieve..
In ur login page... before u show anything just check for existence of session for user, and if one exists use header() function to lead him to main.php page directly...
Similarly in the main page check for existence and if session is not present head him back to login.php
Hope this helps...
Cheers!!

Its pretty simple task to achieve..
In ur login page... before u show anything just check for existence of session for user, and if one exists use header() function to lead him to main.php page directly...
Similarly in the main page check for existence and if session is not present head him back to login.php
Hope this helps...
Cheers!!

Dear Venkat
Can you help me to clear my doubt what you instructed...!
When any user go back or leave the Main page then do I need to end his session, if so, please tell me how to do this and where to embed the code...!
Please see the security.php I already attached with this thread
Thanx once agin for last solution.. I am waiting for this

Dear Venkat
Can you help me to clear my doubt what you instructed...!
When any user go back or leave the Main page then do I need to end his session, if so, please tell me how to do this and where to embed the code...!
Please see the security.php I already attached with this thread
Thanx once agin for last solution.. I am waiting for this

Sorry if i didnt make myself clear in the last post..
What i am trying to tell you is dont clear the session unless user clicks on logout..
on clicking logout u can do something like..

unset($_SESSION['loginname']);

your security.php is exactly what i was trying to tell you.
just include that file on top of every page that u want only logged in users to access. U can also modify header to point to login.php instead of accessdenied page.
A similar kind of script is needed in ur login.php which does just the reverse of this ie if the session is set, the user is redirected directly to main page without showing the login page.
Did i make it clearer this time?

m really sorry i didnt read ur problem completely...
When u hit "back" button... the page is loaded from the cache of your browser.
To avoid this, include these lines to your restricted pages(ie which can be viewed only after login)

header(“Pragma: no-cache”);
header(“cache-Control: no-cache, must-revalidate”); // HTTP/1.1
header(“Expires: Mon, 26 Jul 1997 05:00:00 GMT”); // Date in the past

The previous method i mentioned should be used in conjunction with this.
Cheers!!

write like this in logout page.

<?
session_start();
$_SESSION['loginname']=' ';
if($_SESSION['loginname']==' ')
{
header('location:index.php');
}

and also write every page like below.

if($_SESSION['loginname']==' ')
{
header('location:index.php');
}

write like this in logout page.

<?
session_start();
$_SESSION['loginname']=' ';
if($_SESSION['loginname']==' ')
{
header('location:index.php');
}

and also write every page like below.

if($_SESSION['loginname']==' ')
{
header('location:index.php');
}

Thats essentially what i suggested him initially but u did the same mistake as i did... even if u clear the session, when a user hits "back" button after he logs out, he can still see the previous page as its saved in ur browser's cache..
This solution is fine but it needs to be coupled up with headers to instruct the browser not to store any page in cache..
Hope this will resolve the issue.
Cheers!!

m really sorry i didnt read ur problem completely...
When u hit "back" button... the page is loaded from the cache of your browser.
To avoid this, include these lines to your restricted pages(ie which can be viewed only after login)

header(“Pragma: no-cache”);
header(“cache-Control: no-cache, must-revalidate”); // HTTP/1.1
header(“Expires: Mon, 26 Jul 1997 05:00:00 GMT”); // Date in the past

The previous method i mentioned should be used in conjunction with this.
Cheers!!

Hi Venkat
I wrote the code in member.php between <? php ?> tag at top of the page. But nothing happened still I can use back and forward button of browser

Hi Venkat
I wrote the code in member.php between <? php ?> tag at top of the page. But nothing happened still I can use back and forward button of browser

Dear Venkat
I was waiting for your reply for the problem I told you..
You suggested some solution but not worked
Do you have solution for the problem

Dear Venkat
I was waiting for your reply for the problem I told you..
You suggested some solution but not worked
Do you have solution for the problem

Well thats all i can think of :X... may b some experts can help u out here...
or else try lookin for a solution in google...

Well thats all i can think of :X... may b some experts can help u out here...
or else try lookin for a solution in google...

OK Venkat
Thanx any way for lots of your cooperation and guidence

Be a part of the DaniWeb community

We're a friendly, industry-focused community of 1.20 million developers, IT pros, digital marketers, and technology enthusiasts learning and sharing knowledge.