
January 26th, 2005, 11:41 AM
Authentication using sessions: Problem - back button re-authenticates users
Hi, that's a problem I have.
I am authenticating my users against userid/password combinations kept in a MySQL database. When a user is authenticated, a session starts. When the user signs out, I destroy the session. So, the session id is deleted and any future request coming with this session id is treated as a security threat and the user receives my “non-authorised” page.
However:
If someone starts pressing the back button on that client’s machine, eventually the login page will come up from the history. The user will be prompted with the usual message “repost data?”. Thus, the userid/password combination is reposted and the user is authenticated! However, now I am not sure that the person sitting on the client machine is actually the same user that entered the correct userid/password in the first place.
How do I solve this?
Any ideas greatly appreciated. No need for code. Just give me some ideas.
Thanks
Daidalus13
Last edited by daidalus13: February 7th, 2005 at 02:04 PM. Reason: make title more precise
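One standard fix for the replay described in the post is to make each rendering of the login form single-use: the server mints a random token when it serves the form, stores it in the session, and the login handler only accepts a POST that carries the token still stored in the current session, consuming it on first use. A re-POST from the browser history then fails, both after sign-out (the old session and its token are gone) and within a live session (the token was already consumed). The following is an added illustration, not code from the original post; the in-memory `USERS` and `SESSIONS` dictionaries are constructed stand-ins for the poster's MySQL table and the server's session store.

```python
import secrets

USERS = {"alice": "correct horse"}  # constructed stand-in for the MySQL user table
SESSIONS = {}                        # constructed stand-in for server-side sessions

def start_session():
    sid = secrets.token_hex(16)
    SESSIONS[sid] = {}
    return sid

def destroy_session(sid):
    """Sign-out: the session and everything in it (including any login token) is gone."""
    SESSIONS.pop(sid, None)

def serve_login_form(sid):
    """GET /login: mint a single-use token, remember it in the session,
    and return it (it would be emitted as a hidden form field)."""
    token = secrets.token_hex(16)
    SESSIONS[sid]["login_token"] = token
    return token

def login_naive(sid, user, password, token=None):
    """The behaviour from the post: any POST with valid credentials authenticates,
    so a 'repost data?' replay from the history logs the visitor in again."""
    if USERS.get(user) == password:
        SESSIONS[sid]["user"] = user
        return True
    return False

def login_hardened(sid, user, password, token):
    """Accept the POST only if it carries the token minted for this session;
    the token is removed on first use, so the same form cannot be replayed."""
    sess = SESSIONS.get(sid)
    if sess is None or not token:
        return False
    expected = sess.pop("login_token", None)  # consumed even if the login fails
    if expected is None or not secrets.compare_digest(expected, token):
        return False
    if USERS.get(user) != password:
        return False
    sess["user"] = user
    return True

def simulate_back_button_replay(login):
    """Legitimate login, sign-out, then the browser re-POSTs the cached form.
    The replayed request arrives with a fresh, empty session, as after destruction."""
    sid = start_session()
    token = serve_login_form(sid)
    first = login(sid, "alice", "correct horse", token)
    destroy_session(sid)
    sid_after_logout = start_session()
    replayed = login(sid_after_logout, "alice", "correct horse", token)
    return first, replayed
```

Sending `Cache-Control: no-store` on the login page and redirecting after a successful POST (so the history holds a GET, not the POST) reduce how often the browser offers the repost at all, but only the single-use token makes the replay fail server-side.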