php session,logout and browser back button

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
nileshkulkarni
Forum Newbie
Posts: 11
Joined: Tue Jan 22, 2008 5:29 am

php session,logout and browser back button

Post by nileshkulkarni »

hi all, i am facing problem in php session, logout and browser back button. I have 4 files s1,s2,s3and logout.phpflow is ike this.
s1 accepts username and password through form and passes it to s2
s2 starts session and set session name. check for username and password. if it is matches with one stored in variables then directs to s3 by saying hallo else to s1.
s3 check if session is set and session name equal to particular value. if yes it says u r still alive else says access denied.s3 has logout button also.if we click that it takes to last logout page.
logout page say u have logged out nicely. i have provided link on logout to s1,s2,s3 again. after logout, seeions ends and one get access denied message when he tries to view s2 nad s3. so i was very happy with this.
also if u load s2 and s3 directly by providing url of that page, u get access denied. i was happy to see all this but at one moment this code shot me dead.
after clicking logout in s3 u come to logout.php and now if u click on browser back button u can see pages and content are active and functioning.
this completly made me frustating. how do i assure that after logout and ending session none of the page can be viewed again unless one goes to s1.php login page.

waiting for valuable reply. if required i can upload the code also.

nilesh
User avatar
crystal ship
Forum Commoner
Posts: 36
Joined: Wed Aug 29, 2007 5:45 am

Re: php session,logout and browser back button

Post by crystal ship »

session_destroy() in the logout page will solve your problem.
User avatar
Christopher
Site Administrator
Posts: 13596
Joined: Wed Aug 25, 2004 7:54 pm
Location: New York, NY, US

Re: php session,logout and browser back button

Post by Christopher »

The usual practice is to redirect to a different page after a form has validated successfully. Check out the header() function.
(#10850)
nileshkulkarni
Forum Newbie
Posts: 11
Joined: Tue Jan 22, 2008 5:29 am

Re: php session,logout and browser back button

Post by nileshkulkarni »

i have used following code for logout and session killing.

s3.php
----------
<html>
<head>
<title>s3</title>
</head>
<body>
<form method="post" action="logout.php">
<input name="logout" type="submit" value="Logout">
</form>
</body>
</html>

logout.php
----------
<?php
session_start();
if (array_key_exists('logout',$_POST))
{
$_SESSION = array();
if(isset($_cookie[SESSION_name()]))
{
setcookie(SESSION_name(),'',time()-42000, '/');
}
session_destroy();
}
?>

but still thing are not working. i ahve not tried yet header. pl advice how to use that ?

nilesh
User avatar
VladSun
DevNet Master
Posts: 4313
Joined: Wed Jun 27, 2007 9:44 am
Location: Sofia, Bulgaria

Re: php session,logout and browser back button

Post by VladSun »

Like arborint said - use header() function to redirect user to a simple "logout successful" page (or to the start login page - your choice).
There are 10 types of people in this world, those who understand binary and those who don't
nileshkulkarni
Forum Newbie
Posts: 11
Joined: Tue Jan 22, 2008 5:29 am

Re: php session,logout and browser back button

Post by nileshkulkarni »

i modified logout file to code below by redirecting to login page again.
but even then when i click on browser back button i could enetr into pages and view them

logout.php
----------
<?php
session_start();
if (array_key_exists('logout',$_POST))
{
$_SESSION = array();
if(isset($_cookie[SESSION_name()]))
{
setcookie(SESSION_name(),'',time()-42000, '/');
}
session_destroy();
header("Location: http://localhost/session1.php");
}
?>

nilesh.
Post Reply