0

I have a problem where the user is able to go back to the login form with the browser back button, even after they have logged in. I am using php and session cookies to keep them logged in however when I go back a page the php script that is supposed to redirect the user does not run. How do I fix this? I have seen it done with other languages but never with php and session cookies, only with server side sessions.

bboek
  • 40
  • 3
  • 2
    My first thought is: Why is this a problem? Going back seems the right thing to do when you press the back button. – KIKO Software Apr 06 '21 at 18:40
  • If you really want to force a refresh on the back button you could look at this: https://stackoverflow.com/questions/43043113/how-to-force-reloading-a-page-when-using-browser-back-button – hppycoder Apr 06 '21 at 18:41
  • "_when I go back a page the php script that is supposed to redirect the user does not run._" You should update your question with the code that is not working. But I also agree with @KIKOSoftware, why is this a problem? Why do you feel the need to change the behavior from the users expectations? You would probably need to do something on the clients side to achieve this. – GrumpyCrouton Apr 06 '21 at 18:41
  • @KIKOSoftware because if they are able to go back by accident and see the login form again they might think that they have to login again, which they do not, and I think that it would decrease user usability, if they were able to log in again. Also, they might think that they are able to log into a different account without first logging out, which they are not. – bboek Apr 06 '21 at 18:49
  • The likely reason why the login form reappears is that it is retrieved from the cache, not from the server. You can [control the cache with headers](https://electrictoolbox.com/php-caching-headers). – KIKO Software Apr 06 '21 at 18:53
  • @bboek They may not _have_ to log in again, but it shouldn't hurt anything for them to do so either. Your second point seems more interesting to me. Is your service set up in a way that would break if someone tried to login from this page when they are already logged in? Do your users even have multiple accounts for this to be a worry about? – GrumpyCrouton Apr 06 '21 at 19:11
  • Please share more details, and your attempts to resolve the problem – Nico Haase Apr 06 '21 at 19:44
  • @GrumpyCrouton it may be possible that they have multiple accounts but I think it is best if they aren’t prompted to do something that they do not have to, and will have no impact on anything, as one of my highest priorities is that users don’t get frustrated and are comfortable with the website – bboek Apr 06 '21 at 19:44
  • @bboek That's true, but the in to me (as in my opinion) is that you are messing with the users expectations. They did press the back button after all, they may expect to see the login page again. I would possibly be more frustrated that the website is not behaving the way I expect. At the same time, I feel like this is a very niche issue that very very few people will actually be affected by so maybe it doesn't matter much if it goes against expecations. – GrumpyCrouton Apr 06 '21 at 19:54
  • Simple - if the session cookie exists, the log in form shouldn't. – SJacks Apr 06 '21 at 22:05

1 Answers1

0

You must place a condtion on the first login page And you have to use the session if the user was login The user headers to the main page

matinrashidi7
  • 1
  • 1