1,105,340 Community Members

Destroy Session

Member Avatar
HasNor
Junior Poster
101 posts since Jan 2012
Reputation Points: 0 [?]
Q&As Helped to Solve: 0 [?]
Skill Endorsements: 0 [?]
 
0
 

Hi guys,

Here I got a problem that my session expired is not secure I think..
I use this code, but user can click button back and go to previous page. Means session not destroy..
May I know why its happen. Within 15 min it will be logout but user can go the previous page by click button back. No
need to login..What I want here, that user must login again because system will destroyed within 15 min.
Anybody can help me??

<?php
header("Expires: Sat, 01 Jan 2020 00:00:00 GMT");
header("Last-Modified: ".gmdate("D, d M Y H:i:s")." GMT");
header("Cache-Control: post-check=0, pre-check=0",false);
session_cache_limiter("must-revalidate");

if(!isset($_SESSION['username']))
{

        session_destroy();
        unset($_SESSION['username']);
        header('Location: index.php');
        exit;

}
else
header( "refresh:900;url=index.php" );//auto logout(15minutes)

?>
Member Avatar
pritaeas
mod_pritaeas
11,295 posts since Jul 2006
Reputation Points: 1,420 [?]
Q&As Helped to Solve: 1,832 [?]
Skill Endorsements: 155 [?]
Moderator
Featured
Sponsor
 
0
 

Because clicking the back button will take the page from the browser's cache, without actually reloading the page.

Member Avatar
diafol
Where are my eyes?
12,949 posts since Oct 2006
Reputation Points: 1,821 [?]
Q&As Helped to Solve: 1,846 [?]
Skill Endorsements: 92 [?]
Moderator
Featured
Sponsor
 
0
 

I remember once using

session_start();
session_destroy();
session_start();

due to some problem or other. Don't know if this is useful?

Member Avatar
CoursesWeb
Newbie Poster
13 posts since Mar 2012
Reputation Points: 0 [?]
Q&As Helped to Solve: 0 [?]
Skill Endorsements: 0 [?]
 
0
 

Hi,
When the back button is clicked, the browser check to load the page from cache.
Try add these meta tags in the Head zone of the HTML code, that tell the browser to not cache the page.

<META HTTP-EQUIV="Pragma" CONTENT="no-cache">
<META HTTP-EQUIV="Expires" CONTENT="-1">
Member Avatar
HasNor
Junior Poster
101 posts since Jan 2012
Reputation Points: 0 [?]
Q&As Helped to Solve: 0 [?]
Skill Endorsements: 0 [?]
 
0
 

Thanks guys..
hurm, t've tried that way but still reload the previous page..how can i do??
i'm blur.. :(

You
This article has been dead for over three months: Start a new discussion instead
Post:
Start New Discussion
View similar articles that have also been tagged: