使用php注销后如何终止会话 [英] How to kill a session after logging out using php
问题描述
我看到了以下问题,并尝试修改部分答案,但没有成功:用户按下注销并销毁会话后,如何禁用后退浏览器按钮?"
I have seen the following question and tried to adapt part of the answer but to no luck: 'How can i disable the back browser button after user press logout and destroy session?'
我知道这个话题已经讨论了很多,人们讨厌禁用后退按钮这句话.但是,如果我有一个包含重要信息的数据库,一旦该人注销,我如何防止某人使用后退按钮并返回上一页.
I know this topic has been much discussed and people hate the phrase disable the back button. But if i have a database with important information on it, once the person logs out, how do i prevent someone from person the back button and return to the previous page.
如果看过,下面可以回答这个问题的一个答案是:我见过的一种故意破坏后退按钮使用的方法是在应用程序中的每个 URL 和每个表单中传递一个令牌.令牌会在每个页面上重新生成,一旦用户加载新页面,之前页面中的所有令牌都会失效.当用户加载页面时,该页面只会显示是否将正确的令牌(已提供给上一页上的所有链接/表单)传递给它. 任何人都可以提供一些有关如何执行此操作的见解?
One answer if have seen, and below could answer the question is: One approach I have seen for deliberately breaking the back button use is to pass a token on every URL within the application, and within every form. The token is regenerated on every page, and once the user loads a new page any tokens from previous pages are invalidated. When the user loads a page, the page will only show if the correct token (which was given to all links/forms on the previous page) was passed to it. Can any one provide some insight into how to do this?
<?php
session_start();
session_destroy();
$_SESSION = array();
header("location: login.php");
?>
标题应该放在哪里?
header("Cache-Control: no-store, no-cache, must-revalidate, max-age=0");
header("Expires: Sat, 26 Jul 1997 05:00:00 GMT");
<?php
session_start(); //starts the session
if($_SESSION['user']){ //checks if user is logged in
}
else{
header("location:login.php"); // redirects if user is not logged in
}
$username = $_SESSION['user']; //assigns user value
$id_exists = false;
?>
我有一个 checklogin.php,用于检查输入的用户名和密码,以及存储在 MySQL 数据库中的用户名和密码.然后它们被重定向到file1.php.在此页面上有一个注销按钮.上面的代码存储在 logout.php 中.
I have a checklogin.php that checks the username and password entered with that stored in MySQL database. They then are redirected to file1.php. on this page there is a logout button. The code above is stored on logout.php.
当用户注销时,我不希望他们通过按后退按钮再次访问该文件.谢谢
When a user logs out i do not want them to be access the file again by pressing the back button. Thanks
推荐答案
至于标题,以下是我在搜索后经常使用的 Web 服务器中的标题:
As for headers, here are the ones from a web server I regularly use after a search:
Cache-Control: private, pre-check=0, post-check=0, max-age=0
Expires: 0
Pragma: no-cache
单击结果页面中的链接后按后退按钮会在 Firefox 中显示错误消息.我看到的唯一显着区别是 Expire: 0.
Pressing the back button after clicking a link from the results page displays an error message in Firefox. The only notable difference I see is Expire: 0.
这篇关于使用php注销后如何终止会话的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
