Manually Expiring Web Pages
人工使网页过期
作者: Joe Clark
翻译: detrox
After going through a series of pages during a registration process, you don't want the user to be able to go back after the final submit. What can you do to manually "expire" those pages, and perhaps display a custom message?
在填写完成某注册过程中的一系列网页后,你不想用户能够在最终提交后回到以前的页面。你应该怎样做才能人工地使这些网页过期,并且如果有可能则给出一条已定制好的消息呢。
In this scenario, I didn't want my session to expire as I needed it to continue. Instead, I used an extra session variable to track whether my session was alive or not. There are three main components: (1) the entry script, (2) the Cache-control directive, (3) the conditional check, and (4) manually expiring a portion of the session.
在这一关里,我不想让我的session过期,因为我需要它能够继续运转。我使用一个额外的session变量来跟踪我的session是否为活动的。有三个主要的组件: (1) 入口脚本 (2) 缓存控制指示符 (3)条件检测 和 (4) 人工使一部分session过期。
THE ENTRY SCRIPT
入口脚本
I use an entry script to start my session. This accomplishes two things: (1) destroys any session already in progress, and (2) starts a new session.
我使用一个入口脚本来开始我的session. 它用来完成两件事: (1) 销毁任何已经存在于过程中的session,和(2) 开始一个新的session.
entry.php:
<?php
session_start();
session_unset();
session_destroy();
session_start();
session_register('alive');
$_SESSION["alive"] = "1";
Header("Location:/php/createaccount.php");
?>
In the above script, we start the session, get rid of any registered session variables with session_unset(), and destroy that session with session_destroy(). Then, we start a new session and register a session variable. This particular variable will track whether this portion of the session is alive or not. We set the variable to some value, then we redirect to our first page in the registration series.
在上面的脚本中,我们开始session, 用session_unset()清除一切已经注册的session变量,并且用session_destory()来销毁先前的session。然后,我们开始一个新的session并且注册一个session变量。这个特定的变量将跟踪表示这部分session是否为活动的。我们将为变量设置一些值,之后重定向到我们的一系列注册网页的第一页。
CACHE-CONTROL AND CONDITIONAL CHECK
缓存控制和条件检测
In the following code snippet, we will auto-detect if the session is still in use.
在下面这段简短的代码中,我们将自动检测session是否仍然正在使用。
createaccount.php:
<?php
session_start();
header("Cache-control: must-revalidate");
if ($_SESSION["alive"] != "1") {
// User is attempting to go back after the session was destroyed
//用户试图在session被销毁前返回
Header("Location:/php/error100.php");
}
?>
The "Cache-control" directive above is very important. Using "must-revalidate" tells the browser that it has to fetch the page from the server again instead of loading if from its cache. Because it reloads the page from the server, it will re-check the $_SESSION["alive"] variable to see if its value is "1". If so, the page can load properly. If not, then we'll redirect the user to another page that contains a custom error message. Placing this script at the beginning of every page in the registration series will catch every "Back" button press by the user. It's not enough to place it on the last page in the registration series as a user could press the "Back" button more than one time. I have this snippet in createaccount.php, createaccount1.php, createaccount2.php and createaccount3.php.
上面的缓存控制指示符号非常重要。使用"must-revalidate"告诉浏览器应该用从服务器端读取网页而不是使用从浏览器的缓存中读出。因为从服务器端重新读出的网页将重新检查$_SESSION["alive"]变量看看他的值是否为1。如果是的则网页会被正常读取,如果不是那么我们将把用户重定向到一个定制了错误消息的网页。将这段脚本放到注册系列页的每一页的开始,就可以捕获每一次用户对"Back"按钮的点击。仅把这段脚本放在一系列注册网页的最后一页是不够的,因为用户可能不止一次地点击"Back"按钮。我把这段内容写入了createaccount.php, createaccount1.php, createaccount2.php and createaccount3.php.
MANUALLY EXPIRE THE SESSION
人工地使SESSION过期
The last thing to do is manually "expire" the session, or at least a portion of it. In my case, I wanted the session to stay alive, so I could not use session_unset() or session_destroy(). However, I didn't want the user to go back to the previous pages and change things. Remember that $_SESSION["alive"] variable? After the final submit, all we have to do is get rid of it. There are two ways to do this:
最后一件要做的事就是人工地使session过期,或者至少使一部分过期。在这个情况下,我想要session保持活动,因此我不能使用session_unset() 或者 session_destroy().但无论如何,我不想让用户回到前一页去改变什么。记得$_SESSION["alive"]变量吗?我们要做的就是在最后一次提交后摆脱它。有两个方法可以达到目的
createaccount4.php (the page after the final submit):
<?php
session_start();
$_SESSION["alive"] = "0";
?>
or
<?php
session_start();
session_unregister('alive');
?>
Either way will accomplish the same thing. Now, when the "Back" button is pressed, the user won't return the the previous page and be able to change data and resubmit. Instead, they will be redirected to error100.php (or whatever page you choose) and will get a custom error message.
任一方法都可以完成相同的事。现在,当"Back"按钮被按下,用户将不能回到前一页去做数据更改和重复提交。取而代之的是用户将被重定向到error100.php(或者任何你选用的页面)并且得到一个已定制的错误信息。
So, the next time you want to stop the user from going back to change data previously entered, and if you want manual control over it, use this method. Just remember that the entry script sets the session variable to the "alive" state, and the exit script (right after your final submit during the process) sets the session variable to a "not alive" state. The "Cache-control: must-revalidate" forces the browser to reload the page from the server, and the "alive" check is performed. Redirection to a custom page occurs when the session variable is not "alive".
因此,下次当你想阻止用户返回前一页改变以前输入的数据时,如果你想人工的控制它,就是用这个方法吧。记住使用入口脚本设置session变量到"alive"状态,使用出口脚本(在处理过程中最终提交动作的后面)设置session变量到"not alive"状态。"Cache-control: must-revalidate" 强迫浏览器从服务器端重新读取网页,并且实施"alive"检测。当session变量不再为"alive"时,重定向到一个定制页。