Discussions of secure PHP coding. Security in software is important, so don't be afraid to ask. And when answering: be anal. Nitpick. No security vulnerability is too small.
if (isset($_POST["logout"])) { // logout button is clicked
    // destroy session
    unset($_SESSION['id']);
    unset($_SESSION['name']);
    session_destroy();
    // destroy cookies
    $sessionPath = session_get_cookie_params();
    setcookie(session_name(), "", 0, $sessionPath["path"], $sessionPath["domain"]);
    header('Location: http://localhost/myfolder/login.php');
} // if (isset($_POST["logout"]))
It is working correctly BUT when I click the "Go Back" button (one or many times) on the browser, I have the following message:
"the page you are trying to view contains POSTDATA that has expired from cache. If you resend the data, any action the form carried out will be repeated. To resend the data, click OK. Otherwise, click Cancel."
and when I click OK, it displays the home page which should be displayed after the login page. That means the browser restores an expired session.
Is any code being run after your header() call? Put exit; after it.
eskio wrote: "the page you are trying to view contains POSTDATA that has expired from cache. If you resend the data, any action the form carried out will be repeated. To resend the data, click OK. Otherwise, click Cancel."
I'm guessing that the form this message was talking about was the login form, and since you clicked OK, it logged you in again. To avoid that, after logon redirect user to a page
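Added example, not code from any post in this thread: one handler that applies both replies, stopping the script after every redirect and answering the login POST with a redirect so that Back or Reload has no login form data to resend. The file names (auth.php, login.php, home.php), the form field names and the constructed demo user are assumptions.

```php
<?php
// auth.php (hypothetical name): the login and logout forms both POST here.
session_start();

function redirect(string $path): void
{
    // 303 makes the browser fetch $path with GET, so the history entry the
    // user returns to is a plain GET page, not the POST that changed state.
    header('Location: ' . $path, true, 303);
    exit; // without this the rest of the script keeps running
}

function check_credentials(string $name, string $password): ?int
{
    // Constructed demo user; a real application reads the stored hash
    // from its user table instead of hashing a literal here.
    $users = ['alice' => ['id' => 1,
                          'hash' => password_hash('demo-password', PASSWORD_DEFAULT)]];
    if (isset($users[$name]) && password_verify($password, $users[$name]['hash'])) {
        return $users[$name]['id'];
    }
    return null;
}

if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['logout'])) {
    $_SESSION = [];                      // drop all session data
    $p = session_get_cookie_params();
    setcookie(session_name(), '', time() - 3600, $p['path'], $p['domain'],
              $p['secure'], $p['httponly']);
    session_destroy();
    redirect('login.php');
}

if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['login'])) {
    $id = check_credentials($_POST['name'] ?? '', $_POST['password'] ?? '');
    if ($id === null) {
        redirect('login.php?error=1');
    }
    session_regenerate_id(true);         // new session id for the logged-in user
    $_SESSION['id'] = $id;
    $_SESSION['name'] = $_POST['name'];
    redirect('home.php');                // the POST is answered with a redirect
}

// Any other request: send the user where their session state says they belong.
redirect(isset($_SESSION['id']) ? 'home.php' : 'login.php');
```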