当用户退出并点击浏览器中的后退按钮时,用户可以像登录一样查看该页面。
我该如何避免?
答案 0 :(得分:1)
在php中,您可以进行会话。当用户登录时,您在该会话中设置一个变量,以便您知道他们已登录,以及他们以何种身份登录。注销时,您将完全清除会话。当您单击后退按钮时,页面加载时没有会话cookie,您将看到正确的行为。
这是一个非常简单的示例,但它应该会让您知道如何使其适用于您的网站。
的login.php
//Load an existing session, or create a new session
session_start();
//You probably want to check the passwordhash against a stored
//password hash and only set this when the password was correct
$_SESSION["uid"] = 12345;
test.php(此页面将回显" a"当您登录时,否则" b")
//Load an existing session, or create a new session
session_start();
//If the user is logged in, echo "a", otherwise echo "b"
if( isset( $_SESSION["uid"] ) && $_SESSION["uid"] == 12345 ) {
echo "a";
} else {
echo "b";
}
logout.php
//Load an existing session, or create a new session
session_start();
//Remove any information in the session
$_SESSION = array();
//Invalidate the cookie associated with this session (it expires 1 second
//before now)
setcookie( session_name(), '', time() - 1 );
//Finally internally destroy the session. It no longer exists.
session_destroy();