Login and out using PHP

Discussions of secure PHP coding. Security in software is important, so don't be afraid to ask. And when answering: be anal. Nitpick. No security vulnerability is too small.

Moderator: General Moderators

Post Reply
samsambm
Forum Newbie
Posts: 2
Joined: Tue Sep 22, 2009 3:23 am

Login and out using PHP

Post by samsambm »

Hi ,
I'm desigining a simple site using php. I've set up users account and registertion form. Also I've added a login and logout feature.

After user login to the site he is redirected to page with the option to sign out ( i've used session_unset() and session_destroy() functions.

Mu issue is that after the user is signing out he is redirected again to home page but when I clicking 'Back' on the browser , The user get again the 'sign out' option .

Is some one can help me here ?

Thanks .
User avatar
jackpf
DevNet Resident
Posts: 2119
Joined: Sun Feb 15, 2009 7:22 pm
Location: Ipswich, UK

Re: Login and out using PHP

Post by jackpf »

The page is loaded from cache. How is this a problem? They're not actually logged in.

You could send a "no-cache" header...but that'd increase your bandwidth for no real reason tbh. I personally wouldn't bother.
samsambm
Forum Newbie
Posts: 2
Joined: Tue Sep 22, 2009 3:23 am

Re: Login and out using PHP

Post by samsambm »

There is no issue except the fact that the user see's the 'sign out' button....
User avatar
kaisellgren
DevNet Resident
Posts: 1675
Joined: Sat Jan 07, 2006 5:52 am
Location: Lahti, Finland.

Re: Login and out using PHP

Post by kaisellgren »

The problem is non-PHP related. You need to tell the browser not to cache anything, but as far as I know, Firefox does not obey those rules very well. Try Cache-Control along with Expires header.
jegan.aaodis
Forum Newbie
Posts: 15
Joined: Fri Oct 09, 2009 1:56 am

Re: Login and out using PHP

Post by jegan.aaodis »

Hi,

Please check the logout redirection script.
And check whether the section is closed or expired.

Thanks
Post Reply