3
votes

I am storing loginuserid in the session and destroying the session on logout. Login and logout work fine, but my problem is that when the user logs out and we press the back button, he is still able to open the visited page even though he is actually logged out.

The user goes to the login page when we refresh the page. I want the user not to reach the visited page even if he presses the back button. Please help me out. Thanks in advance.

3
This has to be something with cache control. I don't think redirect helps. But I am not sure. - Prasanth
So what can we do now? - user1777954
Are you redirecting with the header() function and at the same time trying to alter the cookie, within the same page request? If so, this can be a problem. Try doing it in 2 separate operations. - Vidar Vestnes

3 Answers

3
votes

This is actually because of the browser caching - you should disable this and use CodeIgniter's Cache Library if any caching is needed.

Add the following to the pages where users are required to be logged in:

//Prevent browsers from using history to browse in the user system.
$this->CI->output->set_header("Cache-Control: no-store, no-cache, must-revalidate");
$this->CI->output->set_header("Expires: Sat, 26 Jul 1997 05:00:00 GMT");
$this->CI->output->set_header("Pragma: no-cache"); 

When pressing back in the browser the page will be refreshed,

2
votes

The reason the page shows is that the browser is bringing it from the cache. To indicate to the browser that it should not show your page from the cache, you could add the no-cache meta tag inside the <head> of every secure page of your app:

<meta http-equiv="Cache-Control" content="no-cache" />

Another alternative (a little convoluted), if you don't want to avoid caching, is to have JavaScript make an AJAX call to the server checking if the user is logged in every time you open a secure page. Something like this:

$.getJSON('/user_logged_in.php', function(loggedIn) {
    if(!loggedIn)
        window.location.href = '/login.php';
});

The user_logged_in.php script should return TRUE or FALSE.

Hope this helps.

0
votes

There are two problems:

The first problem is that even if you are clearing your session, the page is accessed from the stored cache.

So you have to clear the cache or not save the cache. For that, write the below code in your __construct function.

// HTTP dates need a space before "GMT", otherwise the header value is malformed.
$this->output->set_header('Last-Modified: '.gmdate('D, d M Y H:i:s').' GMT');
$this->output->set_header('Cache-Control: no-store, no-cache, must-revalidate');
$this->output->set_header('Cache-Control: post-check=0, pre-check=0',false);
$this->output->set_header('Pragma: no-cache');

After doing this step, even if you are going to the previous page, where you are redirecting after login, then you can check on that authenticated page if the user has been logged in or not. If he is not logged in, he will not be able to go to that page.

Example:

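public function after_log_in()
{
   // The PHP superglobal is $_SESSION; test each key separately so that a
   // destroyed session (missing keys) is treated as "not logged in".
   if(!empty($_SESSION['username'])
      && isset($_SESSION['os_logged_in']) && $_SESSION['os_logged_in'] == true)
   {
      $this->load->view('clienview');
   }
   else
   {
      echo "You are not logged in!";
   }
}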

So, after logging out, when you press the back button it will check whether the user is logged in or not. If you are not logged in, it will show an error to you.
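
Added example (not part of any answer above, and not CodeIgniter's own code): a base controller that combines the two points made in the answers, a server-side session check on every request to a protected page plus the no-cache response headers, so the back button neither shows a stored copy nor gets fresh content after logout. It assumes CodeIgniter's MY_ core-class convention; the `Account` controller and the `login` route are hypothetical, `loginuserid` is the session key from the question, and the view name is the one used in the last answer.

```php
<?php
// Added example. In a real application these two classes live in separate files:
//   application/core/MY_Controller.php   and   application/controllers/Account.php
defined('BASEPATH') OR exit('No direct script access allowed');

class MY_Controller extends CI_Controller
{
    public function __construct()
    {
        parent::__construct();
        $this->load->library('session');
        $this->load->helper('url');

        // Server-side check: this is what actually blocks access after logout.
        // Headers and meta tags only control what the browser keeps and shows.
        if (!$this->session->userdata('loginuserid')) {
            redirect('login'); // hypothetical route; redirect() ends the request
        }

        // Ask the browser not to store the response, so "back" has to
        // re-request the page and runs into the check above.
        $this->output->set_header('Cache-Control: no-store, no-cache, must-revalidate');
        $this->output->set_header('Pragma: no-cache');
        $this->output->set_header('Expires: Sat, 26 Jul 1997 05:00:00 GMT');
    }
}

// Every controller that serves logged-in pages extends MY_Controller
// instead of CI_Controller, so no page can forget the check or the headers.
class Account extends MY_Controller // hypothetical controller name
{
    public function index()
    {
        $this->load->view('clienview');
    }

    public function logout()
    {
        // Destroy the server-side session, then leave the protected area.
        $this->session->sess_destroy();
        redirect('login');
    }
}
```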