Page 1 of 1

How to destroy session variables on Logout?

Posted: Wed Dec 09, 2009 5:29 am
by aingham
Hi All,

I have a standard situation where I am using PHP sessions and I want to log a user out. The logout function is essentially as follows:

Code: Select all

function logout() {
  @ $olduser = $_SESSION['userid'];
  $_SESSION = array();
  $result_destroy = session_destroy();
  if (!empty($olduser)) {
    if ($result_destroy) {
      $data['logout_msg'] = 'You have been logged out successfully.';
    } else {
      $data['logout_msg'] = 'Could not log you out.';
    }
  } else {
    $data['logout_msg'] = 'You were not logged in, and so have not been logged out.';
  }
}
This seems to log the user out successfully and remove session variables. However, if I use the page back button in the browser, to a page where user was logged in, then all the session variables 'reappear' and user is seen as being logged in.

How can this be possible if session variables only exist on server side and they've been destroyed?!

Very confused,

Andy

Re: How to destroy session variables on Logout?

Posted: Wed Dec 09, 2009 7:03 am
by jackpf
Loaded from cache. They're not really logged in.