You could also try using Javascript to popup a window when they close the current one, and reset your cookies (and/or destroy your session) in that window.
Pete. Kevin Stone wrote: > > Okay sorry for the misunderstanding. You can set the lifetime of the cookie > to die when the browser window is closed. Or if you use sessions this will > happen automatically. > http://www.php.net/manual/en/function.setcookie.php > -Kevin > > ----- Original Message ----- > From: "Youngie" <[EMAIL PROTECTED]> > To: "Kevin Stone" <[EMAIL PROTECTED]> > Sent: Monday, July 08, 2002 12:21 PM > Subject: Re: [PHP] Checking for a successful login and setting a global > flag. > > > Hi Kevin, > > > > Firstly, thanks for your answer. I am infact only protecting my php pages. > I > > don't really care that the user > > can bring up a form on an HTML page like query.htm, sure he can submit the > > query to query.php but it's > > there I do the check to see if the cookie has been set. Problem is someone > > could log on properly > > and the cookie would be set. They could then close the browser, someone > else > > could come along > > and the cookie would still be set. How do I clear all cookies when the > > browser is closed? > > > > Thanks > > > > John. > > > > ----- Original Message ----- > > From: "Kevin Stone" <[EMAIL PROTECTED]> > > Newsgroups: php.general > > To: "PHP-general" <[EMAIL PROTECTED]> > > Sent: Monday, July 08, 2002 11:07 AM > > Subject: Fw: [PHP] Checking for a successful login and setting a global > > flag. > > > > > > > Simply put you can not protect HTML pages through your login system. > You > > > must have some kind of continuous login/check at the top of each page. > > Give > > > the page the .php extension so it can parse and execute the check. If > > > you're using Cookies that's perfect.. you can just check for the > existance > > > of that cookie at the top of each page. Same thing if you were using > > > sessions. They can only get the cookie or the session from one > script... > > > your login script. So as long as you continuously check for that you're > > > pretty much all set. > > > -Kevin > > > > > > > ----- Original Message ----- > > > > From: "Youngie" <[EMAIL PROTECTED]> > > > > To: <[EMAIL PROTECTED]> > > > > Sent: Monday, July 08, 2002 11:54 AM > > > > Subject: [PHP] Checking for a successful login and setting a global > > flag. > > > > > > > > > > > > > Hi Follks > > > > > > > > > > I'm writing an application that requires the user to login to gain > > > access > > > > to > > > > > the rest of the site. > > > > > The login dailog is on index.html, once verified by login.php the > user > > > is > > > > > presented with a menu from > > > > > which he can select several options option1.htm which executes a > query > > > > > through option1.php etc, > > > > > option2.htm and option3.htm and so on. But there's nothing stopping > > him > > > > > from bypassing the login completely > > > > > and just brining up option2.htm directly in the browser. I'm looking > > for > > > > > some kind of mechanism to set a > > > > > flag for a successful logon in index.php that can be tested in the > > other > > > > php > > > > > scripts. > > > > > > > > > > I tried using a cookie and got that to work but the user can close > the > > > > > browser, reopen and the cookie is still > > > > > set. I looked in to session variables but one page could seem to see > > the > > > > > session variable values set in the > > > > > login page, it saw the variable was registered but not the value it > > was > > > > set > > > > > to. > > > > > > > > > > I know this has to be a simple exercise but I'm a newbie. > > > > > > > > > > Thanks > > > > > > > > > > John. > > > > > > > > > > > > > > > > > > > > > > > > > -- > > > > > PHP General Mailing List (http://www.php.net/) > > > > > To unsubscribe, visit: http://www.php.net/unsub.php > > > > > > > > > > > > > >
-- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
