Page 1 of 1

LogOut not working on form pages in Safari and firefox

Posted: Thu Apr 29, 2010 6:46 pm
by freelance84
The following snippet of code is from my authenticate page:

Code: Select all

if($u_pass == $row[2])
      {
         session_start();
         $_SESSION['ID']        = $row[0];
         $_SESSION['username'] = $row[1];
         $_SESSION['type']     = $row[3];
         $_SESSION['forename'] = $row[4];
         $_SESSION['surname']  = $row[5];

         if ($row[3] == '1')
         {header("location:adw-home.php");}
         elseif ($row[3] == '2')
         {header("location:nrt-home.php");}
         elseif ($row[3] == '3')
         {header("location:rst-home.php");}
      }
The above code after checking the password starts the SESSION and takes the user to their homepage.

The next section is how all the user type 2 pages start:

Code: Select all

<?php
session_start();
if (isset($_SESSION['username']))
{
   $u_ID = $_SESSION['ID'];
   $u_name = $_SESSION['username'];
   $u_type = $_SESSION['type'];
   $u_forename = $_SESSION['forename'];
   $u_surname = $_SESSION['surname'];
   if($u_type == 2)
   {
            ............... content of the page
   }
   else echo "Sorry something has gone wrong with your user type, please contact site admin. Thank you.";
}
else echo "You are not logged in. Please <a href=index.html>click here</a> to log in.";
?>

The next section is my logout.php

Code: Select all

<?php
session_start();
unset($_SESSION['ID']);
unset($_SESSION['username']);
unset($_SESSION['type']);
unset($_SESSION['forename']);
unset($_SESSION['surname']);
session_destroy();
header("location:index.php");
?>
The logout code works on most pages.

However, when I test the log out on a page which includes a form there is a problem in Firefox and Safari:
It takes the user to the index page, appears to destroy the session but if I just press back in the browser it will go back and view the page. It won't let me use the form but I can view it. It even shows the username.

I really am stuck here and don't understand what's going on. Especially as the logout works in chrome and IE6 on all pages.

Does anyone have any ideas?

Thanks,

John.

Re: LogOut not working on form pages in Safari and Firefox

Posted: Fri Apr 30, 2010 4:24 am
by timWebUK
Prevent the browser from the caching the page by sending no-cache headers.

http://php.net/manual/en/function.header.php

View example #2

Re: LogOut not working on form pages in Safari and Firefox

Posted: Fri Apr 30, 2010 6:30 am
by freelance84
Thanks for the pointer.

I tried implementing the following code into the header of one of the pages with forms:

Code: Select all

<?php 
 header('Expires: Mon, 26 Jul 1997 05:00:00 GMT'); 
 header('Cache-Control: no-store, no-cache, must-revalidate'); 
 header('Cache-Control: post-check=0, pre-check=0', FALSE); 
 header('Pragma: no-cache'); 
?>
However this has not resolved the issue and I can still simply press back and see the page. It is only when the page is reloaded after pressing back that it realises I have logged out.

Any ides?

Re: LogOut not working on form pages in Safari and firefox

Posted: Fri Apr 30, 2010 7:29 am
by timWebUK
If you press back it doesn't rerun the script on the page, so it hasn't actually checked if you're authenticated. If you try and submit the form again it should redirect you to the login page.

There is not much you can do about this.

Re: LogOut not working on form pages in Safari and firefox

Posted: Fri Apr 30, 2010 8:08 am
by freelance84
hmm.

Well thanks for the pointer on the cache issues.

Hope I can find a work around at some point. :?

Re: LogOut not working on form pages in Safari and firefox

Posted: Fri May 07, 2010 9:34 am
by yacahuma
even if you click back and the page does not reesh, you may be a le to put a little javascript code to ajax to check the session. Never done it myself, but dont see why it will not work

Re: LogOut not working on form pages in Safari and firefox

Posted: Fri May 07, 2010 11:27 am
by freelance84
I am trying to create a site with no client side scripting (at the moment): only using, xhtml, css, php and mysql.

What I have found recently is that the later releases of firefox have a built in function which requires the user to reload the page if $_POST's were sent. This of course forces the browser to run the script again which then takes the user to the "you're not logged in" message and prevents them from seeing the page.

Re: LogOut not working on form pages in Safari and firefox

Posted: Sun May 09, 2010 3:07 am
by kaisellgren
Use Tamper Data or Live Headers extension for Firefox to see if the browser makes a HTTP request to your script. If it does not, then it takes the page from a cache.