On 07/09/11 13:42, Richard Quadling wrote:
On 7 September 2011 12:32, Paul Waring<paul@xxxxxxxxxxxxxxxxxxx> wrote:
On 07/09/11 12:16, Richard Quadling wrote:
On 7 September 2011 11:20, Paul Waring<paul@xxxxxxxxxxxxxxxxxxx> wrote:
Can anyone suggest things which I could try? I cannot work out why this
problem is happening for some users but not me.
For browsers/extensions that do automatic read ahead (I load page A
and linked pages B and C are also retrieved).
I hadn't thought of that. However, we audit all user logins and logouts, as
well as all page requests. If the browser was pre-fetching the logout page,
we'd have 'user logout' entries in our logs, but the only notices we have
are for users logging in. If users were being logged out because of
pre-fetching, I'd expect to see each login entry have a corresponding logout
entry.
Is the potential for cached pages to be returned for a user NOT logged in?
Any pages which a user has viewed whilst logged in shouldn't be cached,
assuming the browser is respecting the headers. They are all sent with:
Cache-Control: no-store, no-cache, must-revalidate, post-check=0,
pre-check=0
How is your code determining if they need to be redirected back to the
login page?
The test is whether two $_SESSION elements are set and match ones in the
database, plus whether the last page view by the user (stored in the
database, updated on each request) was less than one hour ago.
What changes that information?
A page load changed the 'last page view time'. Nothing changes the other
session data, except an explicit logout (which sets $_SESSION = array()
and calls session_destroy).
Can you monitor it externally?
I'm not sure what you mean by 'externally'. Most of the site requires a
login, so it's not possible for a third-party to monitor it if that's
what you mean.
--
Paul Waring
http://www.phpdeveloper.org.uk
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php