PHP/MySQL: Secure logging in on public computers? (solved)

Posted: Tue Mar 10, 2015 5:46 am
by jameshutchings
My game checks the user's email and password against its database.

So it might send you to http://www.mygame.com?emailadd=gra33@ya ... rd=green45

If gra33@yahoo.com's password wasn't green45, the page would give an error message.

However, if someone is playing on a public computer and someone else uses the back button on the same computer, they'd be able to get in.

Is there an easy way to stop this?

Re: PHP/MySQL: Secure logging in on public computers?

Posted: Tue Mar 10, 2015 1:28 pm
by vitinho444
Instead of $_GET, use the $_POST method; the data exchanged between pages won't be visible in the URL.

Re: PHP/MySQL: Secure logging in on public computers?

Posted: Thu Mar 12, 2015 3:44 am
by jameshutchings
Thanks, but can you give me an example of how to do that?

Re: PHP/MySQL: Secure logging in on public computers?

Posted: Thu Mar 12, 2015 11:44 am
by vitinho444
Sure.

So in your form (the login form) where the user will type his username and password you should have:

Code:

<form ... method="GET">

Change that 'GET' to 'POST'.

Then in the page where you handle the information (the same page that is in the "action" attribute of the form) you simply change $_GET for $_POST like:

You should have:

Code:

$username = $_GET["username"];

You now change to:

Code:

$username = $_POST["username"];

Hope it helps ;)

Re: PHP/MySQL: Secure logging in on public computers?

Posted: Sun Mar 15, 2015 4:09 am
by Jackolantern
Also, if the site's content is particularly sensitive (such as college work/grades, medical info, banking info, etc.), it is a pretty common practice to advise the user to close the browser tab after they are done. You can even attempt to close it for them once they log out, but most browsers don't allow you to do that anymore without a confirmation.

Re: PHP/MySQL: Secure logging in on public computers?

Posted: Sun Mar 15, 2015 4:13 pm
by vitinho444
Jackolantern wrote:Also, if the site's content is particularly sensitive (such as college work/grades, medical info, banking info, etc.), it is a pretty common practice to advise the user to close the browser tab after they are done. You can even attempt to close it for them once they log out, but most browsers don't allow you to do that anymore without a confirmation.
What does closing the tab do Jacko?

Re: PHP/MySQL: Secure logging in on public computers?

Posted: Sun Mar 15, 2015 6:59 pm
by Jackolantern
vitinho444 wrote:
Jackolantern wrote:Also, if the site's content is particularly sensitive (such as college work/grades, medical info, banking info, etc.), it is a pretty common practice to advise the user to close the browser tab after they are done. You can even attempt to close it for them once they log out, but most browsers don't allow you to do that anymore without a confirmation.
What does closing the tab do Jacko?
In all reality, today with Chrome and other major browsers that allow the re-opening of closed tabs, not much. But before that feature existed, it destroyed the state of the browser tab, including the ability to use the back button for a second user on a public computer from backing into the session of the first person who used the computer.

Re: PHP/MySQL: Secure logging in on public computers?

Posted: Sun Mar 15, 2015 7:31 pm
by vitinho444
Oh, I see. But I think that using

Code:

session_destroy()

and then redirecting using a

Code:

header()

they can't go back to the session, right?

Re: PHP/MySQL: Secure logging in on public computers?

Posted: Sun Mar 15, 2015 10:15 pm
by Jackolantern
They can't, correct. I think it was just a precaution against old data being shown that was already downloaded.

Re: PHP/MySQL: Secure logging in on public computers?

Posted: Mon Mar 16, 2015 8:18 am
by vitinho444
I get it ;)
Thanks
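
The advice in this thread (send the credentials with POST, then session_destroy() and a header() redirect on logout) put together in one handler, as an added example that is not code from any of the posters. It also sends Cache-Control: no-store so the back button cannot redisplay pages that were already downloaded. The file name login.php, the `password` and `action` field names and the in-memory user table are assumptions; `emailadd` is the parameter from the first post.

```php
<?php
// Constructed stand-in for the MySQL users table (email => password hash).
// A real handler would SELECT the stored hash with a prepared statement.
$users = ['player@example.com' => password_hash('constructed-sample-pw', PASSWORD_DEFAULT)];

session_start();
// Ask the browser not to store this page, so Back cannot show it after logout.
header('Cache-Control: no-store, no-cache, must-revalidate');
header('Pragma: no-cache');

$isPost = ($_SERVER['REQUEST_METHOD'] ?? '') === 'POST';
$action = is_string($_POST['action'] ?? null) ? $_POST['action'] : '';

if ($isPost && $action === 'login') {
    // Credentials arrive in the request body, never in the URL or browser history.
    $email    = is_string($_POST['emailadd'] ?? null) ? $_POST['emailadd'] : '';
    $password = is_string($_POST['password'] ?? null) ? $_POST['password'] : '';
    $hash     = $users[$email] ?? null;
    if ($hash !== null && password_verify($password, $hash)) {
        session_regenerate_id(true);      // fresh session ID for the logged-in user
        $_SESSION['email'] = $email;
    }
    // Redirect after POST so Back/Refresh does not resubmit the login form.
    header('Location: login.php', true, 303);
    exit;
}

if ($isPost && $action === 'logout') {
    $_SESSION = [];                       // clear the session data
    if (ini_get('session.use_cookies')) { // expire the session cookie as well
        $p = session_get_cookie_params();
        setcookie(session_name(), '', time() - 42000,
                  $p['path'], $p['domain'], $p['secure'], $p['httponly']);
    }
    session_destroy();                    // remove the server-side session
    header('Location: login.php', true, 303);
    exit;
}

if (isset($_SESSION['email'])) {
    echo '<p>Logged in as ' . htmlspecialchars($_SESSION['email'], ENT_QUOTES, 'UTF-8') . '</p>';
    echo '<form method="POST" action="login.php">'
       . '<button name="action" value="logout">Log out</button></form>';
} else {
    echo '<form method="POST" action="login.php">'
       . '<input type="email" name="emailadd"> <input type="password" name="password">'
       . '<button name="action" value="login">Log in</button></form>';
}
```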