Safari Back button not honouring PHP logout session

核能气质少年 提交于 2019-11-30 16:06:28

问题


I've got a logout.php page which ends a user's session and works well and does the following:

session_start(); session_unset(); session_destroy();

I've just noticed when testing with Safari that when you logout you can click the back button to return to the previous page which requires authentication but are not prompted. You cannot navigate away from this page without entering the navigation but it should not be displaying the previous page in the first place.

So far in my testing this is only an issue with Safari on Mac OS X and there are a number of other reports about this but with no resolution that I could find:

http://www.experts-exchange.com/Web_Development/Web_Languages-Standards/PHP/Q_23702691.html

I would love to be able to disable this behaviour with Safari's back button - surprised that this is happening in the first place.

Thanks, Steve


回答1:


Ensure that any page you serve which requires authentication is being sent with suitable cache control headers. The page is being displayed from the browser cache, by providing cache control which explicitly forbids caching you should be able to stop this.

From http://php.net/manual/en/function.header.php

<?php
header("Cache-Control: no-cache, must-revalidate"); // HTTP/1.1
header("Expires: Sat, 26 Jul 1997 05:00:00 GMT"); // Date in the past
?>

Specifically for Safari, there's some discussion about caches and unload events, which you might be able to use to avoid caching. It seems that WebKit does have some complications with caching in general.

http://webkit.org/blog/427/webkit-page-cache-i-the-basics/

http://webkit.org/blog/516/webkit-page-cache-ii-the-unload-event/



来源:https://stackoverflow.com/questions/3006467/safari-back-button-not-honouring-php-logout-session

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!