NYCPHP Meetup

[Carlos A Hoyos]

I once wrote a task managing application where users would login to see in
the home page a queue of incoming tasks and work on them.
Many users would hit the refresh button on home page, or hit the back
button after reading a task, and because the home page was reached after a
login screen (username & password posted), they would get the "page has
expired message", very annoying.

The way I solved it:
1- I coded an authenticate function: User name & password get validated,
and if OK, some important user data gets saved as session variables.
2- On top of each page, I call a validate function that starts the session
and checks the session variables in (1). If they're not registered, it will
display login page, otherwise continues with validation (acls,
initialization, etc....)

When user first logins (in index.php), I get their username/password via a
POST form. If authentication (2) returns true, I use "header" to forward
them to the mainpage (main.php), free of all forms and thus, free of the
"expired" problem when refresh/back buttons are hit.

Because on top of mainpage validation function gets called, nobody can
access it without passing first through authentication.



So, you can save your post variables (either in the DB with session as a
key, or link them to session variables (as cookies)) and then send a header
that forwards to a new php page that will fetch your variables and display
the page. Since this new page would not be associated to any post action --
your variables came from the DB, not from post --, reloading or going out
and back in with the back button will not give any "expired" problem.

Voila!!!!