Manually Expiring Web Pages
Author: Joe Clark
Translation: detrox
After going through a series of pages during a registration process, you don't want the user to be able to go back after the final submit. What can you do to manually "expire" those pages, and perhaps display a custom message?
In this scenario, I didn't want my session to expire as I needed it to continue. Instead, I used an extra session variable to track whether my session was alive or not. There are three main components: (1) the entry script, (2) the Cache-control directive, (3) the conditional check, and (4) manually expiring a portion of the session.
THE ENTRY SCRIPT
I use an entry script to start my session. This accomplishes two things: (1) destroys any session already in progress, and (2) starts a new session.
entry.php:
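<?php
session_start();
session_unset();      // clear any registered session variables
session_destroy();    // destroy the session already in progress
session_start();      // start a new session
// session_register() was removed in PHP 5.4; assigning to $_SESSION registers the variable
$_SESSION["alive"] = "1";
header("Location: /php/createaccount.php");
exit;
?>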
In the above script, we start the session, get rid of any registered session variables with session_unset(), and destroy that session with session_destroy(). Then, we start a new session and register a session variable. This particular variable will track whether this portion of the session is alive or not. We set the variable to some value, then we redirect to our first page in the registration series.
CACHE-CONTROL AND CONDITIONAL CHECK
In the following code snippet, we will auto-detect if the session is still in use.
createaccount.php:
<?php
session_start();
header("Cache-control: must-revalidate");
if (!isset($_SESSION["alive"]) || $_SESSION["alive"] != "1") {
    // User is attempting to go back after the session was destroyed
    header("Location: /php/error100.php");
    exit; // stop here so the rest of the page is not sent along with the redirect
}
?>
The "Cache-control" directive above is very important. Using "must-revalidate" tells the browser that it has to fetch the page from the server again instead of loading it from its cache. Because it reloads the page from the server, it will re-check the $_SESSION["alive"] variable to see if its value is "1". If so, the page can load properly. If not, then we'll redirect the user to another page that contains a custom error message. Placing this script at the beginning of every page in the registration series will catch every "Back" button press by the user. It's not enough to place it on the last page in the registration series as a user could press the "Back" button more than one time. I have this snippet in createaccount.php, createaccount1.php, createaccount2.php and createaccount3.php.
MANUALLY EXPIRE THE SESSION
The last thing to do is manually "expire" the session, or at least a portion of it. In my case, I wanted the session to stay alive, so I could not use session_unset() or session_destroy(). However, I didn't want the user to go back to the previous pages and change things. Remember that $_SESSION["alive"] variable? After the final submit, all we have to do is get rid of it. There are two ways to do this:
createaccount4.php (the page after the final submit):
<?php
session_start();
$_SESSION["alive"] = "0";
?>

or

<?php
session_start();
// session_unregister() was removed in PHP 5.4; unset() is the replacement
unset($_SESSION["alive"]);
?>
Either way will accomplish the same thing. Now, when the "Back" button is pressed, the user won't return to the previous page and be able to change data and resubmit. Instead, they will be redirected to error100.php (or whatever page you choose) and will get a custom error message.
So, the next time you want to stop the user from going back to change data previously entered, and if you want manual control over it, use this method. Just remember that the entry script sets the session variable to the "alive" state, and the exit script (right after your final submit during the process) sets the session variable to a "not alive" state. The "Cache-control: must-revalidate" forces the browser to reload the page from the server, and the "alive" check is performed. Redirection to a custom page occurs when the session variable is not "alive".
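The whole flow described in this article, as an added example that is not Joe Clark's code: the entry, guard and exit steps written as functions over a session array, so that the final-submit handler itself rejects a replayed submit instead of relying only on the browser refetching the page. The function names are hypothetical, the walk-through uses a constructed array in place of $_SESSION, and `no-store` is sent next to the article's `must-revalidate` as an assumption about what a current deployment would use.

```php
<?php
declare(strict_types=1);
// Added example, not the article's code. Function names are hypothetical;
// the "alive" key and /php/error100.php come from the article.

/** entry.php: mark the registration flow as in progress. */
function flow_begin(array &$session): void
{
    $session['alive'] = '1';
}

/**
 * Top of every createaccount*.php page. Returns the headers to send and
 * whether the page body may be rendered. The caller must exit when
 * 'render' is false, otherwise the form is still sent after the redirect.
 */
function flow_guard(array $session): array
{
    $headers = ['Cache-Control: no-store, must-revalidate'];
    $alive = ($session['alive'] ?? '0') === '1';
    if (!$alive) {
        $headers[] = 'Location: /php/error100.php';
    }
    return ['render' => $alive, 'headers' => $headers];
}

/** Final submit handler: accept once, then expire the flow. */
function flow_finish(array &$session): bool
{
    $accepted = ($session['alive'] ?? '0') === '1';
    unset($session['alive']);   // the rest of the session stays usable
    return $accepted;
}

// Constructed walk-through using a plain array in place of $_SESSION.
$session = ['user' => 'constructed-example'];
flow_begin($session);
var_dump(flow_guard($session)['render']);   // a step page during registration
var_dump(flow_finish($session));            // the first final submit
var_dump(flow_finish($session));            // the same submit replayed
var_dump(flow_guard($session)['render']);   // "Back" to a step page afterwards
print_r(flow_guard($session)['headers']);   // headers sent for that request
var_dump(isset($session['user']));          // other session data after expiry
```

In a real page, pass `$_SESSION` after `session_start()`, send each returned header with `header()`, and call `exit` whenever `render` is false.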