CodeIgniter back button after logout

6
votes

I'm trying to stop/disable the back button functionality of the browser when a user logs out of my CodeIgniter (PHP) app. But, I think the browser is caching the page so it becomes visible despite the session being destroyed from logout.

I know the session is dead because when the user tries to do anything (click any link etc) they are kicked out through the methods in my controller.

It's not ideal to have the back button working in this manner since the previous page contains confidential information.

Not a clue how to tackle this one, maybe a redirect page in between (but then the user could slam the back button really quick right?), help!

Thanks.

6
phphtmlcodeignitersessioncaching
stackoverflow.com/questions/5251110/… not codeigniter but i think you will make it workAurimas Ličkus
check this one, I think it will help you stackoverflow.com/questions/4630484/…Ula
Thanks @Ula, the headers solution worked for me.Adam Waite

6 Answers

12
votes

Add this to prevent caching of the previous page:

header("cache-Control: no-store, no-cache, must-revalidate");
header("cache-Control: post-check=0, pre-check=0", false);
header("Pragma: no-cache");
header("Expires: Sat, 26 Jul 1997 05:00:00 GMT");
13
votes

I think this could help you out, it works for me.

CodeIgniter Framework version: 

$this->output->set_header('Last-Modified:'.gmdate('D, d M Y H:i:s').'GMT');
$this->output->set_header('Cache-Control: no-store, no-cache, must-revalidate');
$this->output->set_header('Cache-Control: post-check=0, pre-check=0',false);
$this->output->set_header('Pragma: no-cache');

PHP version:

header('Last-Modified:'.gmdate('D, d M Y H:i:s').'GMT');
header('Cache-Control: no-store, no-cache, must-revalidate');
header('Cache-Control: post-check=0, pre-check=0',false);
header('Pragma: no-cache');

if you are using PHP OOP put the above code in your constructor to initialize on your pages.

1
votes

My solution for this problem:

  1. Check that the cookie is set will with an if.
  2. Step parameters and call the login method of user model.
  3. Finally charge the corresponding views.

If the cookie is not set will redirected to the login page.

if(isset($_COOKIE['ci_session'])){ 
  $user= $this->security->xss_clean($this->input->post('user'));
  $pass= $this->security->xss_clean($this->input->post('pass'));

  $result = $usrLog->loguearUsuario($user, $pass);

  if($result == TRUE){
     $data = $this->session->set_userdata('logged_in', $sessArray);
     $this->load->view('pages/admin', $data);
  }

}else{
   header('Location: login'); 
}

I hope you learn! And sorry for my english! :-)

0
votes

after log-out goto one page show some message like "see you soon" and after some time redirect from that to desired page this might solve your problem like below code for redirecting second time header("Refresh 3; url=home.php");

0
votes

You could use javascript to close the window after they logout - thus removing any ability to go back pages.

Alot of online banks do this to solve this exact issue.

0
votes

I think the following should help you out

1) Create a logout.php file and add the following code to it

<html>
 <head>
  <script src="http://code.jquery.com/jquery-1.10.1.min.js"></script>
<script type="text/javascript">
$( document ).ready(function() {
$( "#submit" ).trigger( "click" );
});
</script>
</head>

<body>
<form action="<?php echo base_url();?>login" method="post">
<input type="submit" id="submit" style="display: none;">
</form>
</body>
</html>

2) Modify your logout function to load a above view file logout.php