我们有一个login.php页面,一个logout.php页面和一个带有此代码段的受保护页面:
<?php
$token = $_GET['token'];
$user = $_GET['user'];
// Check if logged-in.
if(!$_SESSION["$user"])
{
//Do not show protected data, redirect to login if user has logged out.
header('default: login.php');
}
?>
<!DOCTYPE html>
<html>
<head>
<META HTTP-EQUIV="Pragma" CONTENT="no-cache">
<META HTTP-EQUIV="Expires" CONTENT="-1">
..
...
当我点击退出链接时,我被重定向到login.php页面。这很好。
然而,当我点击后退按钮时,我将被带回prevoius页面,我正试图阻止这种情况发生。
该页面是否足够受保护?
我做错了什么?
谢谢。
<?php
//start the session session_start();
//check to make sure the session variable is registered
if(session_is_registered('username'))
{
//session variable is registered, the user is ready to logout
session_unset();
session_destroy();
}
Else
{
//the session variable isn't registered, the user shouldn't even be on this page
header( "Location: default.php?status=loggedout");
}
?>
的login.php
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<META HTTP-EQUIV="Pragma" CONTENT="no-cache">
<META HTTP-EQUIV="Expires" CONTENT="-1">
<title>Service Request</title>
<link rel="stylesheet" href="stylesheet.css" />
<link href="Styles/ui-lightness/jquery-ui-1.8.13.custom.css" rel="stylesheet" type="text/css" />
<link href="Styles/Site.css" rel="stylesheet" type="text/css" />
<link href="css/boxformats.css" rel="stylesheet" type="text/css" />
</head>
<body>
<div id="tabs">
<div>
<br /> <br />
<br />
<?php
if(!empty($_GET['status'])){
echo '<div align=center><font color=firebrick>You have been logged out!</font><br><br>Log in again or close browser.</div>';
}
?>
<br />
<br />
<br />
<form id="FormToValidate">
<table>
<tr>
<td nowrap>
<div class="input text">
<label><strong>UserName:</strong></label>
<input maxlength="40" class="required" name="user" id="user" size="20" placeholder="Enter username!" type="text" title="Please enter a username." tabindex="2" value="" style="width:400px;color:#999;font-size:9pt;height:20px;" />
</div>
</td>
</tr>
<tr>
<td nowrap>
<div class="input text">
<label><strong>Password:</strong></label>
<input maxlength="40" class="required" name="pass" id="pass" size="20" placeholder="Enter password!" type="password" tabindex="3" title="Please enter a password." value="" style="width:400px;color:#999;font-size:9pt;height:20px;" />
</div>
</td>
</tr>
<tr>
<td></td>
<td>
<div class="buttonSubmit">
<input type="button" id="btnValidate" style="width:80px; margin-left:-152px;background-color:#fff;" value="Log In" />
</div><br clear="all"/>
</td>
</tr>
</table>
</form>
</div>
<script type="text/javascript">
$("#btnValidate").click(function() {
// Creating variables to hold data from textboxes
var uname = $("#user").val();
var upass = $("#pass").val();
$.post("validate.php",
{ data: JSON.stringify({ LoginName: uname,Password: upass }) })
.done(function(data) {
var result = JSON.parse(data);
switch(result.Status) {
case 0:
//login successful
tokenVal = result.Value.Token;
location.href = protectedpage.php?token="+tokenVal+ "&user=" + uname;
break;
case 2:
//invalid login
alert(result.Message);
break;
}
})
.fail(function() {
alert("The AJAX request failed!");
});
});
</script>
</body>
</html
答案 0 :(得分:1)
尝试:
// Check if logged-in.
if(!isset($_SESSION[$user]))
{
header("Expires: Thu, 19 Nov 1981 08:52:00 GMT");
header("Cache-Control: no-store, no-cache, must-revalidate");
header('Location: login.php');
}