问题
My website's webpages displays webpages by using GET to retrieve variables from a predefined URL.
For example the code on the first page: index.php
<p><a href="/blank.php?name1=value1&name2=value2">next page</a></p>
The second page: blank.php?name1=value1&name2=value2
$name1 = $_GET['name1'] ;
$name2 = $_GET['name2'] ;
echo $name1 ;
echo $name2 ;
This way webpages are created on the spot and displayed kind of like a CMS and Iuse this method for all the webpages my site has, but if a user bookmarks a tab they will have out of date information for that webpage because that page content is contained in the URL.
EDIT: If I were to use post would their be a better way of conveying that information to the new webpage? instead of:
<form method="post" action="blank.php">
<input type="hidden" name="name1" value="value1">
<input type="submit">
</form>
回答1:
Quick and dirty solution: Add a timestamp parameter to your urls, like:
<p><a href="/blank.php?name1=value1&name2=value2&time=<?php echo time(); ?>">next page</a></p>
Then, on the page, check if the timestamp is older then a certain duration:
if(!isset($_GET['time']) || time() - intval($_GET['time']) > 60*60) {
header('Location: index.php');
}
$name1 = $_GET['name1'] ;
$name2 = $_GET['name2'] ;
echo htmlspecialchars($name1);
echo htmlspecialchars($name2);
So if a link is older than one hour (60 seconds times 60 minutes), it is redirected to the home page!
But this method is not very user friendly! You should better try to build your links so they never get old content when visiting!
回答2:
You could prevent the user from using the keyboard shortcut for bookmarking, but I don't think there is anyway to prevent the user from bookmarking it in their browser (or writing down the URL for that matter).
You may want to look into generating the data on the page on each page load so if the user bookmarks the URL, they see the most recent information. Or if the user didn't follow a certain path to arrive at that path display a message telling them the data is out of date.
回答3:
Using POST instead of GET Would resolve the issue for the most part, but I understand this may not be possible depending on the amount of code that you have already created. Another possible solution is to set Session variables to determine if that person should have access to this page or not. If they do not have access, than you send them back their landing page, profile, or even login page. I have done this by placing session variables that can only be set on one page, and then destroyed after the page is viewed, this way they cannot simply go back to the page because the session value is gone.
Sadly it is not possible to prevent people from creating bookmarks to your page, you simply need to filter out who can see(edit or access) it.
回答4:
You are essentially talking about user sessions only during which all the variables would make sense. Even using POST doesn't solve the problem. In the extreme case one can make a POST request (or search engine may do) and misinterpret the retrieved result. I would suggest to append a sessionid as many other websites do and on the backend to control the valid timeframe. This way you have better control of your website functionality and user experience. Whether a session has expired or not should depend on your business logic, not GET/POST methods.
来源:https://stackoverflow.com/questions/17707500/how-to-prevent-user-from-bookmarking-urls