On 20/08/07, tedd <tedd@xxxxxxxxxxxx> wrote: > > At 10:40 PM +0200 8/19/07, Wouter van Vliet / Interpotential wrote: > >What you're proposing, is to actually display some content on another > page > >then were the content is originally intended? I'm sorry, but I would > >consider that 'bad practice'. To me, it makes perfect sense that you > don't > >want to leave the user on the page where login was originally handled. > For > >various reasons. One very obvious would be the 'refresh thing', where > your > >browser asks the user if they want to send the form again. Quite > annoying. > >Then, what about bookmarks? ... > > > No, what I had proposed was an alternate method to accomplish what > you said you wanted. But, it appears that my efforts and the demo did > not receive sufficient attention for you to understand what wass > being presented. Instead, you tell me that what I've shown you is bad > practice -- interesting. First of all - I didn't ask the initial question ;-). Other than that, I think our philosophies our basically the same. But when you say that you are redirecting the user to another page, while you are actually including a php script - that's not my understanding of redirecting. You said that you wanted to remove login from the browser history, > which is screwing around with the user's browser and is clearly bad > practice. Generally yes, removing a page from the browser's history would be considered bad practice. However, we are not really talking about a page here. What I understood from the initial question is as follows: - http://www.site.com/ contains some login form, action of that form is (for example) /login.php - The user is sent to /login.php where the login is checked - From there, the user either gets to a content page where it would typically show "welcome {user}" or something, or back to the index page when login failed - As you see, login.php is not really a page but more of a 'pseudo page' and therefore I cannot see any reason not to send a proper 303 header. see: http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html My method simply stops the user from visiting the same page more than > once during a session and leaves their browser data alone -- nothing > bad practice about that! > > AFTER my demo runs, if you repeatedly refresh the page you are > directed to, then certainly that would become annoying. But that > wasn't the intent, nor part of the demo, which you clearly didn't > read and obviously didn't understand. > > As far as "bookmarking the page", but of course you can bookmark the > page! Did you even try? > > Oh well, so much for trying to help someone understand sessions. As > my mother often said "No good deed ever goes unpunished". I've got another one, "There is no selfless good deed". If you had simply said, I don't understand, please explain; or asked > a question or two; or said thanks, but no thanks, I'm going to do it > another way, then that would have been fine. But to say that the demo > I prepared for you exhibited "bad practice", especially when you are > absolutely friggen clueless as to what it is doing, is a bit too much > -- I'll be sure to pass over your post in the future. I don't think there wasn't anybody who didn't appriciate your suggestion. Only thing I was trying to do was chip in my two cents. Again, I wasn't the one who originally asked the question and I certainly am not "friggen clueless". I just came to think about what the teacher at my Flex course from a couple of months ago said about "good and bad practice". He said there is none. If your solution works good for you, that's your good practice. And if mine doesn't work for you, it's your bad practice - while it is still my good practice. Something however I am trying to "fight" against, if you let me put it like that - is people approaching "scripts" as if they are "pages". When you are including a "script that is usually called as a page" into another script you should be very aware for any clashes between variables. Another reason why it may be easier to just put in a Location: header and call your script as it was originally intended. Wouter tedd > > --- > > > > >I would definately go for the Location: header solution! > > > >On 19/08/07, tedd <tedd@xxxxxxxxxxxx> wrote: > >> > >> At 8:52 AM +0200 8/19/07, Otto Wyss wrote: > >> >In my case I could easilly do without redirection but just exit and > >> >fall back on the calling page. Yet I want to remove the login page > >> >from the browser history. Does the header function have the same > >> >effect? > >> > > >> > >> O. Wyss: > >> > >> Instead of messing with the user's browser (not good IMO), why not > >> use $_SESSION and make it such that if the user selects the log-on > >> page again, they are redirected to another page? You don't even need > >> header() to do that. > >> > >> Here's an example: > >> > > > http://webbytedd.com/bb/one-time > >> > >> You will only see that page only once -- unless you find a way to > >> clear the session. > >> > >> The process is simply to set a session variable and allow the user to > >> see the page once. Upon returning, the session variable is checked > >> and if it is "not null", then the user is redirected to another page > >> like so: > >> > >> if($visit != null) > >> { > >> ob_clean(); > >> include('a.php'); > >> exit(0); > >> } > >> > >> Very simple. > >> > >> Cheers, > >> > >> tedd > >> > >> -- > >> ------- > >> http://sperling.com http://ancientstones.com http://earthstones.com > >> > >> -- > >> PHP General Mailing List (http://www.php.net/) > >> To unsubscribe, visit: http://www.php.net/unsub.php > >> > >> > > > > > >-- > >Interpotential.com > >Phone: +31615397471 > > > -- > ------- > http://sperling.com http://ancientstones.com http://earthstones.com > -- Interpotential.com Phone: +31615397471