Signout cookie out of date, but still possible to go "back"

[adelante]

I save the session ID in a cookie. I check that the session is still there in every of my scripts. It all works fine.

Now, I wanted to make a signout.cgi script. and I thought the best way would be to just expire it month ago. However when I afterwords hit the back button, it IS possible to go back and see the last page.

I want it like hotmail! when I hit the signout link, then there are no way back... what do they do?

1. Is it the cookies?
2. Is it the pages that doesn't expire, so that they don't reload every single time.

Thanks!



problem 2:

2b actually, I dont quite understand how a browser knows if it should reload a page or grap the one it has in the cache. I have been lucky in my scripts, because when ever I have done some "Edit" scripts, the main page has been reloaded when I have submitted the data and gone back to the "main.cgi". But I just decovered that the index.cgi page doesn't, I have to hit reload to be redirected (I redirect if I already got a session ID).

So, problem 2: I made my script redirect using META HTTP-EQUIV if there is already a session ID. However if I just logged in (in the index.cgi page) and come to the main.cgi, and hit back, then it DOESN'T redirect me to main.cgi, which it should, because I already AM signed in!

 

[Rieekan]

Set the page caching to not cache. You can do this a few different ways, but the best is to set it in the header sent by the server side processing.

In Perl, it would look something like this:

use CGI;

my $cgi = new CGI;
print $cgi->header(-type=>'text/html',
                     -nph=>1,
                     -expires=>'+3d');

#continue with page

Hope this helps!

- George

 

[adelante]

hmm, it didn't quite work, I just got it printet instead, I dont know why thought, because I put it in the very start of my script, and my html template doesn't load until later.


I was also trying to manually put it in my html template and I tried these:

<META HTTP-EQUIV="Pragma" CONTENT="no-cache">
<META HTTP-EQUIV="cache-control" CONTENT="no-cache, no-store">

But none of them works

 

[Kirsle]

You could try using JavaScript and ajax... that way, even if the page is loaded from cache, the script still executes again, causing their browser to make new requests through the ajax.

-------------
Cuvou.com | The NEW Kirsle.net

 

[adelante]

I know nothing about ajax... it has something to do with frames or iframes?

Need a tutorial, is there a good one out there?

 

[Kirsle]

http://www.w3schools.com/ajax/default.asp

Ajax basically uses JavaScript to request other web pages, and the server response goes into a JS variable.

Here are some cut-and-pastes from a ajax-based chat client I made once...

/*

#######################################

## CreateAjaxObject(handler)         ##

##-----------------------------------##

## Creates the Ajax HTTP Request     ##

## object, handles different browsers##

#######################################

*/

function CreateAjaxObject(handler) {

	var objXmlHttp = null;



	if (navigator.userAgent.indexOf("Opera") >= 0) {

		alert ("RainbowBoi WebChat does not work in Opera.");

		return;

	}



	if (navigator.userAgent.indexOf("MSIE") >= 0) {

		var strName = "Msxml2.XMLHTTP";



		if (navigator.userAgent.indexOf("MSIE 5.5") >= 0) {

			strName = "Microsoft.XMLHTTP";

		}



		try {

			objXmlHttp = new ActiveXObject(strName);

			objXmlHttp.onreadystatechange = handler;

			return objXmlHttp;

		}

		catch(e) {

			alert ("Error. Scripting for ActiveX might be disabled.");

			return;

		}

	}



	if (navigator.userAgent.indexOf("Mozilla") >= 0) {

		objXmlHttp = new XMLHttpRequest();

		objXmlHttp.onload = handler;

		objXmlHttp.onerror = handler;

		return objXmlHttp;

	}



	return;

}

/*

#######################################

## sendMessage(string)               ##

##-----------------------------------##

## Send a message to the WebChat     ##

## interface of RB Chat.             ##

#######################################

*/

function sendMessage(str) {

	// Create the Ajax object.

	ajax = CreateAjaxObject(stateChanged);



	// A problem with the ajax object?

	if (ajax == null) {

		alert ("Error: the ajax object was not created successfully.");

		return;

	}



	// Send the message.

	var url = ChatServer.host + '?uid=' + Math.floor(Math.random()*99999) + '&' + str;

	//var url = ChatServer + '?uid=' + Math.floor(Math.random()*99999) + '&' + str;

	ajax.open ("GET", url, true);

	ajax.send (null);

}

/*

#######################################

## stateChanged()                    ##

##-----------------------------------##

## Handler for state changes on the  ##

## HTTP requests.                    ##

#######################################

*/

function stateChanged() {

	if (ajax.readyState == 4 || ajax.readyState == "complete") {

		var reply = ajax.responseText;



		var args = reply.split("|");

		var cmd = args[0];



		if (cmd == 10) {

			// 10: S_CONNECTED

			ChatServer.connected = 1;

			updateField('set', 'status', '<span class="server">Connected.</span>');

			updateField('add', 'dialog', 'Connection established with server.<br>');

			updateField('add', 'dialog', 'Your session code is: null<p>');

			updateField('add', 'dialog', 'Please log in to the RainbowBoi Chat Server with your name and password:<br>');

			updateField('add', 'dialog', '--textbox-and-stuff-goes-here--<p>');

		}

		else {

			alert ("Server Error: " + reply);

		}

	}

}

Key parts of the code...

In sendMessage(), you have to create a new ajax object with every request you make. Call

ajax.open ("GET", "[URL unfurl="true"]http://some/url.html",[/URL] true);
ajax.send (null);

to send a request, and then the stateChanged() function is called when the ajax object returns a response from the server, and "ajax.responseText" contains the text the server replied with.

It might be better to look up a tutorial to learn how this all works a little bit better.

-------------
Cuvou.com | The NEW Kirsle.net