Session Management and Users Leaving the Site 1

[Scanlan]

Hi all,

I'm really having a tough time with the whole session management thing.

I have a site that users must log into from one login page. If they try to short-circuit the login by opening a page directly, they get caught and sent to the login page.

But, if they go browsing around the Internet and then use the Go button, they can sneak back into my pages. I am confused because I thought going to a page not included in the site application would automatically end the session.

How can I prevent users who leave from coming back into the site without logging back in?

Thanks,
Ann

 

[Bastien]

You can add an expiry to each page, when the user leaves each page, they can not go back. You could also use the HTTP_REFERER to see where the user is coming from, if it not one of your pages, then redirect to the login.

One other thing you could try is a log out button/link that will explicitly destroy the session variables, but given the disconnected nature of the Web, many users won't use it and just move to another page. Bastien

There are many ways to skin this cat,
but it still tastes like chicken

 

[GIGN]

Why would you want to do this to your users? They have a right be logged in? Can't you just have an ordinary session timeout - so people CAN go to other sites for a while?

Add a session checker to each page instead?

BB