I am working on a php project in codeigniter. When a user logs out, he/she is directed to login page. But when he/she clicks the back button of browser, he/she gets to see the home page just before the log out, which definitely not a good thing.
I have added session check on every page so that when a user reloads any page after logout he/she will be directed to login page.
As far as i think, this happens due to web browser using cache for the back button.So one solution as given in many stack overflow forums and others is to clear the cache, which i too did. But another problem came that the document expires after back button, which is not good from the UX point of view.
Another solution is to add javascript code to restrict the page to itself when pressing back button, which surely works. But since the javascript is client side, this won't work if you disable it from browser.
If you check the Gmail or facebook or any good site ,they handle it really well and no ,it's not by just javascript code , as suggested in this forum How Google deals with the Back Button after logout? ,
So my question is how do they handle it in real?
On home page, you'll need to check if SESSION is active.
When user is logging out, you'll need to destroy SESSION.
For example:
-On Home Page
session_start();
if(!isset($_SESSION['variableName']))
{
header("location:login.php");
}
On logout page:
session_start();
session_destroy();
Hope this helps.
One time I got that problem and finally I got many tiny solutions for that.
Put noscript tag in common header file. I return a text when the JS turn off.
<noscript>Your browser does not support JavaScript!</noscript>
Another Method to check the user logged or not at every intervel
setInterval(function(){
$("#autorefresh").load("checklogin.php?screenName=autorefresh");
}, 5000);
And finally put this back prevent js
history.pushState(null, null, 'loginController.php?time=
$currentDateTime; ?>');
window.addEventListener('popstate', function(event) {
history.pushState(null, null, 'loginController.php?time=<?php echo $currentDateTime; ?>');
});
This is my experience knowledge... Thank You
Related
I am aware of the many Post/Redirect/Get questions on here. This one is a bit different. I'm unable to find an answer that explains this particular JavaScript solution.
When you submit a form via POST and then hit the refresh button afterwards, the browser will prompt me to re-submit data. HOWEVER this prompt does not happen in the WordPress backend (when JS is enabled) and there is no Redirect/Get after the Post.
I've tried to show this in a series of screenshots below. It shows the first POST submit with the POST data printed on the page, and then the refresh causes a GET without any browser re-submit prompt.
When I disable JavaScript and hit refresh, I get the expected "Would you like to resubmit your data?" prompt and the refresh causes a second POST.
So wordpress is doing some JavaScript magic here to prevent POST data resubmission on refresh/back button.
Can anyone point me to the code in WordPress that shows how they achieve this using only JavaScript? I have no idea where to even start searching.
Do they do something with the pushstate?
Thanks!
Solution: WordPress uses window.history.replaceState on every page load.
This prevents the POST from running again on refresh or back button.
Nifty!
Non-WordPress proof of concept here: https://dtbaker.net/files/prevent-post-resubmit.php
Code is:
<script>
if ( window.history.replaceState ) {
window.history.replaceState( null, null, window.location.href );
}
</script>
the requeirment is that I want to avoid the specific web page to save to bookmark,
and is there someway to acheive this funcion just use some code, maybe add or js code . thanks
The answer is no, the user can always bookmark a page as this is browser function, but you can use sessions. Then make sure that any request for a page
must have an active session id or it returns an error or redirects to the home page. The user can bookmark the page but the bookmarks will then only work for a short time (until the session expires). This also has the added benefit of
making the site impossible to index by search engines.
The closest you're going to get is if you open another window using JavaScript as you can control whether the menubar and toolbar are displayed.
window.open(
"https://www.google.com/",
"Google",
"resizable,scrollbars,status");
However, this is likely going to be blocked by their popup blocker.
Is it possible to have a back button feature that goes back from the previous page if it was coming from the website itself (i.e. page 1 to page 2). But when user come from other site (i.e. google search result) it links to a general page from my website.
I am new to javascript and the only way I know is the href="javascript:history.go(-1)" which does not do what I want. Can someone provide an example or link to a site that can help me? thx.
You can't change the browsers back button, but you can create a regular button on the website that does this, which is what I'm guessing you want.
Something like this, checking the referrer should work
<?php
$referrer = $_SERVER['HTTP_REFERER'];
if (strpos($referrer, 'example.com') !== FALSE)) {
echo 'Go Back';
} else {
echo 'Go Back';
}
?>
If you are talking about making your own back button, then absolutely. You would need to track the referring page in php using $_SERVER['HTTP_REFERER'], and if that page is not on your site, fudge the link so it goes to your general page.
If you want the same behaviour with the browser built in back button, I think you are out of luck, you can't access the history directly for security reasons, so you have no way of knowing if the last link is on your domain or not.
I'm working on a chrome extension that will always have a current user who is logged in to GitHub. In order to switch users, I want to have a log out button in my extension that logs the current user out.
I've tried simply
chrome.windows.create({'url':'https://github.com/logout'})
Which takes me to the GitHub logout page but there is still a confirmation that the user would have to click on to successfully logout. I would like to be able to log the user out in the background or at a minimum, without them having to click on an additional confirmation.
Any thoughts?
You can check if one of the two techniques mentioned here works for you:
"How to automatically click a confirm box?": overriding the window.confirm function
"Auto Click for JavaScript confirm dialog": inserting dummy function showConfirm() at the top of the header of the Browser.Document which overwrites/suppress the original function showConfirm().
Even if the names of the methods differ in the Github confirmation page, the idea remains: if you can somehow override/silence the confirmation method, you can skip past that step.
Working Solution
When I called https://github.com/logout from an external page it showed a form with a submit/confirm button to logout. The form doesn't have an id or class but I managed to submit it using
document.getElementsByTagName('form')[1].submit();
Of course, this isn't ideal since it will break if github changes the layout of their logout page. Also, there is a delay between when the page is loaded and the form is submitted which isn't very user friendly. I'll update here if I find a better solution
I don't believe this is possible but thought I'd give it a shot.
As part of a project that I'm working on, there is a page on a different site that a user can navigate to via a standard anchor link. The destination page is sometimes rather slow to respond and the client wants to put a "timeout" in place so that if it is taking too long to navigate to the destination page, to cancel the browser navigation and show a message.
Is it possible with Javascript to cancel a browser navigation that is already in progress (i.e. the request to the destination site has already been made)? If so, how?
I conducted a simple test, it is possible. I used PHP to conduct the test but this will not be an issue if you use a different language. The bottom line is JavaScript can do it as seen in cancel.php. Please see the sample code:
sleep.php
<?php
sleep(30);
echo 'hello';
?>
cancel.php
<h1>hello?</h2>
<script type="text/javascript">
location.href='sleep.php';
setTimeout(function(){
location.href='#';
alert('it is taking too long to respond, probably the site is down!');
}, 10000);
</script>
After running cancel.php, it will redirect to sleep.php. After 10 seconds of loading time, it will stop loading sleep.php and conclude that the site is down.
You can redirect to somewhere else, while the current DOM is still alive.
I ran this simple test, and it redirects to yahoo.com
$("#btn").click(function() {
document.location.href = "http://www.google.com";
document.location.href = "http://www.yahoo.com";
});
I havent tested with a timer, but seems like it should work, although I cant be sure 100%.
Please post your findings!