When the user clicks on the back button, most browsers that I know of do not attempt to re-get the page, but use the version from the browser's cache, which means they'll see the page as if they never moved from it in the first place. But you do have to consider the few oddball browsers, as well as some that send HTTP_REFERERs when the URL is entered manually or from bookmarks, as well as ones that don't send HTTP referers at all.

As was discussed in the CB, you've got to decide for yourself how much inconvenience you want to give the customer for the possibility of a malicious cracker modifying the cart prior to them entering the secure part of the site, vs. whatever security you lose by running the storefront without cookies or SSL or other Apache-based features. Since the worst that the cracker can appear to do is run up a lot of items on the shopping list, you simply need to make sure that in the secure area, the user has the ability to review the shopping list and delete items he/she does not want at that time.

If you do that, then all you simply need for handling the 'referring' of a product to the second user is a timeout on the sessionid of 5 or so minutes, with the sessionid being refreshed with a new timeout every time it is successfully accessed.


Dr. Michael K. Neylon - mneylon-pm@masemware.com || "You've left the lens cap of your mind on again, Pinky" - The Brain

In reply to Re: Re: Re: The sound of one cookie (not) authenticating by Masem
in thread The sound of one cookie (not) authenticating by Hero Zzyzzx
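
The sliding timeout described in the post above, as an added sketch that is not part of the original post: a session id expires after five idle minutes, and each successful access pushes the expiry forward. The in-memory `%SESSIONS` store, the function names, and the use of `/dev/urandom` as the random source are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical in-memory store; a real storefront would keep this server-side
# (database or session files) keyed by the id carried in the URL.
my %SESSIONS;
my $IDLE_TIMEOUT = 5 * 60;    # "5 or so minutes", in seconds

# Create a session with an unguessable id and an initial expiry.
sub new_session {
    my ($now) = @_;
    open my $fh, '<:raw', '/dev/urandom' or die "no random source: $!";
    read($fh, my $bytes, 16) == 16 or die "short read from /dev/urandom";
    close $fh;
    my $sid = unpack 'H*', $bytes;    # 32 hex characters
    $SESSIONS{$sid} = { expires => $now + $IDLE_TIMEOUT, cart => [] };
    return $sid;
}

# Return the session if the id is known and still fresh, refreshing its
# expiry on each successful access; return nothing for unknown or stale ids.
sub touch_session {
    my ($sid, $now) = @_;
    my $s = defined $sid ? $SESSIONS{$sid} : undef;
    return unless $s;
    if ($now >= $s->{expires}) {
        delete $SESSIONS{$sid};    # stale id, e.g. from a URL passed on later
        return;
    }
    $s->{expires} = $now + $IDLE_TIMEOUT;
    return $s;
}

# Constructed timeline: offsets are seconds after the session was created.
my $t0  = 1_000_000;
my $sid = new_session($t0);
for my $step ([ 240, 'shopper, 4 minutes in' ],
              [ 480, 'shopper, 4 minutes after that' ],
              [ 900, 'second user follows the URL 7 minutes later' ]) {
    my ($offset, $who) = @$step;
    my $ok = touch_session($sid, $t0 + $offset)
        ? 'accepted, timeout refreshed'
        : 'expired, start a new cart';
    print "$who: $ok\n";
}
```

The active shopper keeps the cart well past five minutes because every hit refreshes the timeout, while a URL that sits idle for longer than the window no longer maps to the first user's cart.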
