But the session does not get destroyed on logout, and I can navigate back to the restricted page by clicking the "back" button in the browser.
What can I do to solve this issue?
index.php
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<meta http-equiv="Content-Style-Type" content="text/css" />
<title>Test Login</title>
</head>
<body>
<form action="login.php">
<table>
<tr>
<th>Username:</th>
<td><input class="field" type="text" width="30px" onfocus="select();" name="username" /></td>
</tr>
<tr>
<th>Password:</th>
<td><input class="field" type="password" onfocus="select();" name="password" /></td>
</tr>
<tr>
<th></th>
<td><input class="btn" type="submit" value="Login" /></td>
</tr>
</table>
</form>
</body>
</html>

<?php
include 'config.php';
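$username=$_GET["username"];
$password=md5($_GET['password']);
// Escape the user-supplied value before it is placed in the query string.
$safe_username=mysql_real_escape_string($username);
$sql="SELECT * FROM tbl_users WHERE username='$safe_username' and password='$password'";
$result=mysql_query($sql);
$count=mysql_num_rows($result);
if($count==1){
session_start();
$_SESSION['username'] = $username;
// URL-encode the value so it cannot alter the redirect target.
header("location:logged_in.php?username=" . urlencode($username));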
}
else {
header("location:login_failed.php");
}
?>

<?php
$username = $_GET['username'];
session_start();
$_SESSION['username'] = $username;
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<meta http-equiv="Content-Style-Type" content="text/css" />
<title>Test Login Successful</title>
</head>
<body>
<?php echo "Welcome, " . htmlspecialchars($username); /* escape before output */ ?>
<p>
<input type="button" onclick="javascript:window.location.href='logout.php'" value="logout" />
</p>
</body>
</html>

<?php
session_start();
session_unset();
session_destroy();
setcookie('username', '', time() - 1*24*60*60);
setcookie('password', '', time() - 1*24*60*60);
header("location: index.php");
?>
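
Added example, not part of the original post: the logged-in page above copies `$_GET['username']` into the session on every request and never checks for an existing login, so a revisited URL or a cached copy shows the page again after logout. One way to close this is a shared guard that trusts only the session, disables caching of restricted pages, and expires the session cookie on logout. The file name `auth.php` and the functions `require_login()` and `logout()` are assumptions made for this example.

```php
<?php
// auth.php (hypothetical file name): include at the top of every restricted page.

// Refuse to render a restricted page unless login.php stored a username in
// the session. The ?username= query parameter is never trusted.
function require_login()
{
    session_start();

    // Stop the browser from showing a stored copy when "back" is pressed;
    // it has to re-request the page, and the check below then runs again.
    header('Cache-Control: no-store, no-cache, must-revalidate, max-age=0');
    header('Pragma: no-cache');
    header('Expires: 0');

    if (empty($_SESSION['username'])) {
        header('Location: index.php');
        exit;
    }
    return $_SESSION['username'];
}

// Full logout: empty the session data, expire the session cookie in the
// browser, then destroy the server-side session.
function logout()
{
    session_start();
    $_SESSION = array();

    if (ini_get('session.use_cookies')) {
        $p = session_get_cookie_params();
        setcookie(session_name(), '', time() - 42000,
            $p['path'], $p['domain'], $p['secure'], $p['httponly']);
    }
    session_destroy();

    header('Location: index.php');
    exit;
}

// logged_in.php then starts with:
//   require 'auth.php';
//   $username = require_login();
//   echo 'Welcome, ' . htmlspecialchars($username, ENT_QUOTES);
// and logout.php is just:
//   require 'auth.php';
//   logout();
```

With this guard in place, login.php can also call `session_regenerate_id(true)` right after a successful password check so that a session ID issued before login is not reused afterwards.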