Session does not get destroyed
Posted: Sun Jun 10, 2012 3:03 am
I have these PHP files which allow a user to log in and maintain sessions.
But the session does not get destroyed on logout, and the restricted page can be navigated back to by clicking the "back" button in the browser.
What can I do to solve this issue?
index.php
login.php
logged_in.php
logout.php
index.php
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<meta http-equiv="Content-Style-Type" content="text/css" />
<title>Test Login</title>
</head>
<body>
<form action="login.php">
<table>
<tr>
<th>Username:</th>
<td><input class="field" type="text" width="30px" onfocus="select();" name="username" /></td>
</tr>
<tr>
<th>Password:</th>
<td><input class="field" type="password" onfocus="select();" name="password" /></td>
</tr>
<tr>
<th></th>
<td><input class="btn" type="submit" value="Login" /></td>
</tr>
</table>
</form>
</body>
</html>
login.php
<?php
include 'config.php';
$username=$_GET["username"];
$password=md5($_GET['password']);
$sql="SELECT * FROM tbl_users WHERE username='$username' and password='$password'";
$result=mysql_query($sql);
$count=mysql_num_rows($result);
if($count==1){
session_start();
$_SESSION['username'] = $username;
header("location:logged_in.php?username=$username");
}
else {
header("location:login_failed.php");
}
?>
logged_in.php
<?php
$username = $_GET['username'];
session_start();
$_SESSION['username'] = $username;
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<meta http-equiv="Content-Style-Type" content="text/css" />
<title>Test Login Successful</title>
</head>
<body>
<?php echo "Welcome, $username"; ?>
<p>
<input type="button" onclick="javascript:window.location.href='logout.php'" value="logout" />
</p>
</body>
</html>
logout.php
<?php
session_start();
session_unset();
session_destroy();
setcookie('username', '', time() - 1*24*60*60);
setcookie('password', '', time() - 1*24*60*60);
header("location: index.php");
?>
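
A hardened version of the restricted-page check and the logout step, as an added example that is not part of the original post. The function names `require_login` and `logout` are hypothetical, and the code assumes PHP 7.1 or later with cookie-based sessions.

```php
<?php
// Added example (not from the original post). Function names are hypothetical.

// Call at the very top of every restricted page (e.g. logged_in.php),
// before any output is sent.
function require_login(): string
{
    session_start();

    // Trust only what login.php stored server-side. Re-populating the session
    // from $_GET on this page would recreate it on every visit, logout or not.
    if (empty($_SESSION['username'])) {
        header('Location: index.php');
        exit;
    }

    // Tell the browser not to keep a copy of the page, so "back" after
    // logout issues a fresh request that runs the check above.
    header('Cache-Control: no-store, no-cache, must-revalidate, max-age=0');
    header('Pragma: no-cache');
    header('Expires: 0');

    return $_SESSION['username'];
}

// Call from logout.php.
function logout(): void
{
    session_start();
    $_SESSION = [];  // drop the data held for this request

    // Expire the session cookie itself (PHPSESSID by default), using the
    // same path, domain and flags it was issued with.
    if (ini_get('session.use_cookies')) {
        $p = session_get_cookie_params();
        setcookie(session_name(), '', time() - 42000,
            $p['path'], $p['domain'], $p['secure'], $p['httponly']);
    }

    session_destroy();  // remove the server-side session record
    header('Location: index.php');
    exit;
}

// Usage in logged_in.php:
//   $username = require_login();
//   echo 'Welcome, ' . htmlspecialchars($username, ENT_QUOTES, 'UTF-8');
```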