[FX.php List] [OFF] Theory of managing sessions
Jonathan Schwartz
jschwartz at exit445.com
Mon Nov 19 07:22:19 MST 2007
Hi Folks.
Sorry for the slightly off topic post. I'm having trouble getting
this straight...
The question is how to properly use sessions to allow and limit
access to a solution. My current dilemma: how to restrict folks
from revisiting pages of a multipage solution after they have
completed the process...when using SID.
In my current solution, I am using SID to make sure that I don't have
cookie problems. When cookies are not available from the user's
browser, the PHPSESSID appears in the URL. The last step of the
process is a page that runs session_destroy. Yet, I can use the
browser history (Safari) and re-load pages from the solution. They
display with data from the session...and the PHPSESSID still appears
in the URL.
I thought that session_destroy was the way to go to wipe the session.
For reference, this doesn't happen when browser cookies are turned
"On" and the system doesn't use SID. Also for reference, I am using
a simple check at the top of each page to check whether a session is
"on" and dump to an "ended" page if the test fails.
    if($_SESSION['SessionInd'] != "On" ) {
        header('Location:ended.php');
    }
The SessionInd is set when the user logs in. I probably need to beef this up.
What am I missing with the SID method?
Thx
Jonathan
--
Jonathan Schwartz
Exit 445 Group
jonathan at exit445.com
http://www.exit445.com
415-381-1852
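
An added example, not part of the original post or of FX.php: a per-page guard and a final-step teardown for the multipage flow described above. SessionInd and ended.php are the names used in the post; require_active_session() and end_session() are hypothetical helper names, and the no-store headers assume the pages reloaded from history may be served from the browser's own copy.

```php
<?php
// Added example. SessionInd and ended.php come from the post;
// both function names below are hypothetical.

// Call at the top of every step page, before any output.
function require_active_session(): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    // Ask the browser not to keep a copy it could redisplay from history.
    header('Cache-Control: no-store, no-cache, must-revalidate');
    header('Pragma: no-cache');

    // isset() avoids an undefined-index notice when the key is absent.
    if (!isset($_SESSION['SessionInd']) || $_SESSION['SessionInd'] !== 'On') {
        header('Location: ended.php');
        exit; // without this the rest of the page still runs and is sent
    }
}

// Call on the last page of the process.
function end_session(): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start(); // session_destroy() needs an active session
    }
    $_SESSION = []; // session_destroy() does not clear this array

    // Expire the cookie when one was used; a URL-carried id has no cookie.
    if (ini_get('session.use_cookies')) {
        $p = session_get_cookie_params();
        setcookie(session_name(), '', time() - 42000,
            $p['path'], $p['domain'], $p['secure'], $p['httponly']);
    }
    session_destroy(); // removes the server-side session data
}
```

A session id carried in the URL also ends up in browser history, bookmarks and Referer headers, so any copy of that URL presents the same id on a later request.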