...

View Full Version : security problem after logout



sangu
01-06-2007, 07:31 AM
Hi
After the user has logged out, if we press the browser's Back button again and again,
the browser warns something like "Postdata expires, would you like to resend again", and if we press OK the logged-out user is automatically logged in again.
What should I do to rectify this? Shall I check the session ID, and if so, how?

login script

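<?php
// Login handler: checks the posted e-mail/password against the `login` table and,
// only when a matching row exists, records the e-mail in the session and greets the user.
//
// NOTE(review): this page is rendered directly in response to the credential POST, so when
// the browser offers to "resend" the form from history it replays the e-mail and password
// and the user is signed in again. Destroying the session on logout cannot prevent that;
// answering a successful POST with a redirect (Post/Redirect/Get) keeps the credential
// request out of the history entry the user returns to.
session_start();
require_once('gk_fns.php');

// Accept the credentials only as plain strings; a missing field or an array value becomes ''.
$email = (isset($_POST['email']) && is_string($_POST['email'])) ? $_POST['email'] : '';
$password = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : '';

if (!filled_out($_POST))
{
    html_header('');
    echo 'Please fill all fields';
    // NOTE(review): every other exit path calls html_footer(); confirm that
    // do_html_footer() is really defined in gk_fns.php.
    do_html_footer();
    exit;
}

// Report mysqli failures through return values so the checks below work the same way
// on every PHP version (newer versions throw exceptions by default).
mysqli_report(MYSQLI_REPORT_OFF);

// Host, user, password and database name were blanked out in the post; fill in the real values.
$conn = mysqli_connect('', '', '');
if (!$conn)
{
    // Keep the driver's error text in the server log instead of showing it to the visitor.
    error_log('login: database connection failed: ' . mysqli_connect_error());
    html_header('');
    die('cannot connect to the database');
}
mysqli_select_db($conn, '');

// The posted values are bound as parameters, never concatenated into the SQL text,
// so quotes in the e-mail or password cannot change the query.
// NOTE(review): the password is compared as stored, which implies plaintext passwords in
// the table. Once the table holds password_hash() output, select the hash by e-mail and
// check it with password_verify() instead.
$matches = false; // false = the query could not be run; otherwise the number of matching rows
$stmt = mysqli_prepare($conn, 'select 1 from login where email = ? and password = ?');
if ($stmt)
{
    mysqli_stmt_bind_param($stmt, 'ss', $email, $password);
    if (mysqli_stmt_execute($stmt))
    {
        mysqli_stmt_store_result($stmt);
        $matches = mysqli_stmt_num_rows($stmt);
    }
    mysqli_stmt_close($stmt);
}

$authenticated = ($matches !== false && $matches > 0);
if ($authenticated)
{
    // Issue a fresh session id at the moment of login (must happen before any output),
    // and only now mark the session as belonging to this e-mail. Writing the posted
    // e-mail into the session before the check would leave the key set after a failed
    // attempt, and any page that trusts the key would treat that visitor as logged in.
    session_regenerate_id(true);
    // The key contains a space; it is kept as-is because other pages presumably read the same key.
    $_SESSION['valid _email'] = $email;
}

html_header('');

if ($matches === false)
{
    do_html_heading('Problem:');
    echo 'Login failed.Please try again';
    html_footer();
    exit;
}

if (!$authenticated)
{
    do_html_heading('Problem:');
    echo 'Login failed.The login id or password incorrect.Please <a href ="login.htm">login</a> again';
    html_footer();
    exit;
}

do_html_heading('Login Successful:');
echo '&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;';
echo '<a href=logout.php>[Logout]</a>';

// Greet the user by the part of the e-mail before the '@'. The value came from the
// request, so it is HTML-escaped before being written into the page.
$user_details = explode('@', $_SESSION['valid _email']);
$user = $user_details[0];
echo '<br /><br />Hi ';
echo '<b><font color="#FF0000">' . htmlspecialchars($user, ENT_QUOTES, 'UTF-8') . '</font></b>' . "\n";
echo ',welcome back.<br /> <br />';
echo '<a href=inbox.php>Go to your inbox</a>';

html_footer();

?>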






logout script

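<?php
// Logout: end the session on the server and in the browser, then return to the login form.
session_start();

// Drop every value stored in the session for this request.
$_SESSION = array();

// session_destroy() removes the server-side data but leaves the session cookie in the
// browser, so the cookie is expired explicitly using the same parameters it was set with.
if (ini_get('session.use_cookies'))
{
    $params = session_get_cookie_params();
    setcookie(
        session_name(),
        '',
        time() - 42000,
        $params['path'],
        $params['domain'],
        $params['secure'],
        $params['httponly']
    );
}

session_destroy();

header("Location: login.htm");
// Stop here so nothing else runs or is sent after the redirect header.
exit;
?>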


can anyone help me?


thanks

whizard
01-06-2007, 01:02 PM
Put

// Sends a Cache-Control response header that lets the user's own browser cache the page
// while telling shared caches not to store it.
// NOTE(review): this affects caching only. A login request that the browser re-sends from
// history still carries the e-mail and password, so it signs the user in again; the login
// page would also need to redirect after a successful POST to avoid that.
header("Cache-control: Private");

after "session_start();"

on every page.

HTH,
Dan


