IE - Hard refresh needed to accept change in login status

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
User avatar
jolinar
Forum Commoner
Posts: 61
Joined: Tue May 24, 2005 4:24 pm
Location: in front of computer

IE - Hard refresh needed to accept change in login status

Post by jolinar »

Here is the problem. User authentication is misbehaving on IE. When logging in on a site I'm working on, logging in works fine on IE and Firefox, but logging out is where the browsers start acting a little oddly.

Firefox logs out fine, all pages show that I'm not logged in (e.g. going back to the admin.php page)
IE - I log out, but when going back in to admin.php, it reports that I'm logged in. The user is only shown as being logged out when a hard refresh is carried out.

This problem is driving me nuts!

The code for the logout page:

Code: Select all

<?php
	//global $current_module_name;
	global $current_url;
	//$current_url = $_SERVER['PHP_SELF']."?name=$current_module_name";

	//$address = $_SERVER['PHP_SELF'];
	if(isset($_GET['ac'])) {
		$ac = $_GET['ac'];
		scan($ac);
		
		if(loggedIn()) {
			if($ac=='logout') {
			 	if(activeAdmin()) {
					unset($_SESSION['admin']);
				}
				session_unset();
				header("Location:index.php");
			}
		}
	}
	if(loggedIn()) {
	 	$user_name = $_SESSION['user_name'];
		print "<p>Logged In As: $user_name</p>\n";
		print "<p><a href=\"$current_url&ac=logout\">Logout Here</a></p>\n";
	}
	else {
	 	print "<p>Not Logged In</p>\n";
		print <<<EOF
		<p>
		<form action="$address" method="post">
		  <label>User Name:
		    <input type="text" name="username" size="15" /></label><br/>
		  <label>Password:
		    <input type="password" name="password" size="15" /></label><br/>
		  <input type="submit" value="Log In" />
		</form>
		</p>
EOF;
	}

?>
And the function check if the user is logged in

Code: Select all

function loggedIn() {
 	if($_SESSION['logged_in']==true) {
		return true;
	}
}
User avatar
RobertGonzalez
Site Administrator
Posts: 14293
Joined: Tue Sep 09, 2003 6:04 pm
Location: Fremont, CA, USA

Post by RobertGonzalez »

Try messing with the cache-control settings in a header() function.
User avatar
Mordred
DevNet Resident
Posts: 1579
Joined: Sun Sep 03, 2006 5:19 am
Location: Sofia, Bulgaria

Post by Mordred »

Why session_unset()? Shouldn't it be session_destroy()? The manual on session_destroy() has more pointers at logging out (i.e. deleting the SID cookie if one was used)
geodet
Forum Newbie
Posts: 2
Joined: Mon Nov 20, 2006 10:18 am

Post by geodet »

session_destroy() erases all sessions, not just specified,
so if he has more sessions, they'll all be lost.
User avatar
jolinar
Forum Commoner
Posts: 61
Joined: Tue May 24, 2005 4:24 pm
Location: in front of computer

Post by jolinar »

According to the documentation on php.net
session_destroy() destroys all of the data associated with the current session. It does not unset any of the global variables associated with the session, or unset the session cookie.
It's strange that the problem seems to be with IE. I've been wracking my brains and I can't figure it out
User avatar
RobertGonzalez
Site Administrator
Posts: 14293
Joined: Tue Sep 09, 2003 6:04 pm
Location: Fremont, CA, USA

Post by RobertGonzalez »

What about character encoding? I remember reading here recently that someone had an usual problem that seemed to stem from the character encoding put into the page.
User avatar
Mordred
DevNet Resident
Posts: 1579
Joined: Sun Sep 03, 2006 5:19 am
Location: Sofia, Bulgaria

Post by Mordred »

Hmm, do you have session autostarting, or did you miss the session_start() call?
Also, tried unsetting the cookie as well, as per the session_destroy() manual.
User avatar
jolinar
Forum Commoner
Posts: 61
Joined: Tue May 24, 2005 4:24 pm
Location: in front of computer

Post by jolinar »

Sessions are started by a session_start() call at the beginning of the program. I've checked it and there is no way it can be missing the call.
User avatar
jolinar
Forum Commoner
Posts: 61
Joined: Tue May 24, 2005 4:24 pm
Location: in front of computer

Post by jolinar »

Problem solved. It was this little piece of code:

Code: Select all

session_cache_limiter('private');
$cache_limiter = session_cache_limiter();
I tried commenting it out and it works fine. Of course I'm kinda worried about the security. I guess it's time for me to head over to the security section of the forum.
Post Reply