0

so the page protection code I finally got to work is working properly in all the browsers however with safari after I log out i can click the back button and get into the protected pages and change things, however once the submit button is hit or the page is left a second time, then the protection kicks in, however this is to late if someone has already made the changes that they want to. Anyone with any ideas to fix this? here is the code protecting the page:

<?php
session_start();
include 'conection_code.php';
if(isset($_SESSION['user_id']))
{
?>

Web page code is placed here, then there is an else statment.

<?php
}else
{
    echo "<br /><br /><br /><br />";
    echo "<strong><center>"."You Are Not Authorized To view This Page......<a href='admin.php'>Please Login First !!</a>"."</center></strong>";
}
?>
2
Contributors
6
Replies
7
Views
4 Years
Discussion Span
Last Post by GraficRegret
0

Hi GrapficRegret,

Have you checked the script file where you accept the changes(data) if it also has protection not to process incomming data if they're not authenticated and authorized?

0

they shouldnt be able to get back to the page to begin with, i will try adding validation to the insert script too but that still doesnt solve that they should not be able to get to the page with the back button to begin with, thanks for the advice

Edited by GraficRegret

0

Yup, they shouldn't, I think the one that was reloaded was a cached page. I was refering to the "changed things" you were referring to; I pressumed there were writing on either your DB or some data storage.
Anyway, you can control the way the browser caches your pages. But then it will be a pain in the ass for the server if not configured well.

changes
I forgot to tell you about the PRG pattern. Try to use it to avoid refresh problem with form resubmission. Here's a reference to get you started:
PRG pattern

Edited by gon1387

0

ok thank you I will check that out, however it is still not working right, is there any way to force the page to refresh just once after hitting the back button? then the problem would be solved.

0

is there any way to force the page to refresh just once after hitting the back button?

In PHP, none. :)

Edited by gon1387

0

thats ok I just needed to add onUnload="window.addEventListener("unload", invalidateBackCache, true), into the body tag, thanks for your time.

This question has already been answered. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.