[nycphp-talk] Issue with session_destroy()
David Krings
ramons at gmx.net
Sat Dec 2 12:19:45 EST 2006
Hi,
you need to set the page to not getting cached by a browser. I once
looked this up and found several sources that claim that these two lines
at the beginning of a page will turn caching off:
header("Cache-control: private");
header('P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"');
From what I can tell, this works. But to be honest, I have no idea what
this really does or if it does anything, especially the second line.
Writing this kinda makes me want to know more about it, so I did a quick
google and found http://www.w3.org/P3P/ that has some more info. The
first line is most likely needed to pass on the cache preferences
through the header rather than take the browser default.
Hope this helps,
David
Aaron Fischer wrote:
> Howdy,
>
> I have a logout page where I destroy the session. However, if I click
> one of the application links it lets me back in. I believe the
> browser is loading the application page from history. If I refresh
> the page it kicks me out to the login page, which is the desired
> behavior but I would like that to happen right away.
>
> How do I ensure that my application pages are loading a fresh copy?
> If I can make that happen then presumably it will prevent this issue.
>
> The strange thing is that this doesn't seem to happen for another
> application I built but I haven't been able to find a difference in
> the code I wrote. (Am testing both in the same browser.)
>
> Thanks,
>
> -Aaron
> _______________________________________________
> New York PHP Community Talk Mailing List
> http://lists.nyphp.org/mailman/listinfo/talk
>
> NYPHPCon 2006 Presentations Online
> http://www.nyphpcon.com
>
> Show Your Participation in New York PHP
> http://www.nyphp.org/show_participation.php
>
More information about the talk
mailing list