0

hi all,
i had a problem with logout.Even after clicking on logout,if we press back button i am able to see the details. i am destroing the sessions also. so can any one help me....
Thank u.

<?php
       ob_start();
       @session_start();
       require_once ("check.php");
      session_destroy();
      echo "<strong style='color:#FF3333'>"."<left><h1>Successfully logged out.</h1></left>"."</strong>";
      ?>
      <html>
      <link rel="stylesheet" type="text/css" href="style.css"/> 
      <body>
      <table><tr><td><a href="login.php"><h1>Login Again ?</h1></a></td></tr></table></body></html>
4
Contributors
9
Replies
11
Views
7 Years
Discussion Span
Last Post by SKANK!!!!!
0

Hi,

If you are just pressing the "back" button after logging out you will see the page visited previously - as cached by the browser. Try going back to that page and then hitting "reload" or "refresh".

Post back if you're still having problems and we'll look at sessions/cookies :)

0

thanks for ur response.
I had done wat u said. now it is not showing any details but it is showing(i had a table) the table column names like userid,username,... i need not to display those also.wen we click on back button it should go to the login page only like gmail and yahoo mail do..

0

It may be useful if you post the content of "check.php". but it should read somethng like this:

<?php 

// valid user check

session_start();
if ($_SESSION['thisUser'] != "validUser")
{
    header("Location: login.php")
}
?>

requiring this at the very top of you php pages (before any other content except the opening "<?php") will in effect secure those pages. Assuming of course that the login page includes this code:

session_start();
$_SESSION == "validUser";

Using this code, if you were to log in, visit a page, log out and go back and refresh that page you will be automatically redirected to login.php.

Let us know how you get on

0

---check.php---

<?php
function createsessions($username,$password,$userid,$projectid,$projectname,$filename,$size,$allocatedmemory,$answer,$usedmemory,$Remainingmemory,$result,$data3)
{
    session_register();
    $_SESSION["username"] = $username;
    $_SESSION["password"] = $password;
    $_SESSION["userid"] = $userid;
    $_SESSION["projectid"] = $projectid;
    $_SESSION["projectname"] = $projectname; 
     $_SESSION["filename"] = $filename; 
     $_SESSION["size"] = $size; 
     $_SESSION["allocatedmemory"] = $allocatedmemory; 
    $_SESSION["answer"] = $answer; 
    $_SESSION["usedmemory"] = $usedmemory;    
    $_SESSION["Remainingmemory"] = $Remainingmemory;
     $_SESSION["result"] = $result;
     $_SESSION["data3"] = $data3; 
                                      
}
 
?>
0

Basically your login is secured exclusively with sessions, so calling session_destroy(); will effectively log the user out.

Let me just confirm the problem you are still having: reloading a user-area page after logging out results in some of the content still showing?

You need to include in your code a user check (as I suggested above) to go at the very top of your PHP file - before calling session_start(); or echoing anything.

So when the page is requested it will check the server for a valid session BEFORE sending any content. As long as you perform this check before outputting anything (i.e. echo/print etc) you can then use header("Location: login.php"); to automatically direct the user to the login page.

This way, if a user isn't logged in he won't be able to load a secured page (no matter what), he will always be redirected :)

I'll keep my eye on this thread and feel free to PM me if you want :)

0

Just use this

<? 
session_start();
session_destroy();
?>

name it logout.php and link your logout button

0

Don't forget to add the redirect:

Complete code for logout page (assuming session is the only validation):

<?php
session_start();
session_destroy();

header("Location: index.php");
?>

Now when the user clicks a link to logout.php they will be logged out and automatically taken to index.php.

0

in adition to checking the valid user session vairbale u should do this as a logout precashionairy:

$_SESSION = array();
session_unset();
session_destroy();
if (isset($_COOKIE[session_name()])) {
    setcookie(session_name(), '', time()-55, '/');
}

dont change anything, but u can change the -55 to another negatiove number only a negative number

Edited by SKANK!!!!!: n/a

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.