Jump to content

Recommended Posts

So i have a simple logout script which runs the following lines of code:

 

<?php

session_start();

/*
when user logs out
destroy the array in the session object and redirect to the
default index page
*/

session_destroy();
echo '<meta http-equiv="refresh" content="0; url=index.php">'; 

?>

 

the problem is, this script works fine in IE but the session still remains live when I test it in Firefox? How could i get around this?

Link to comment
https://forums.phpfreaks.com/topic/112974-php-sessions-in-firefox/
Share on other sites

how can you tell the session is still active?

 

when i back page in Firefox it lets me go back into the site, and the validation code that i added on those pages reflects that a valid session is still active so the error message or the prompt to login does not work, but i do not seem to have this problem when i run the exact same script in IE.

when i back page in Firefox

 

Do you mean you hit the back button?

 

Is this a Cacheing issue? After going Back, try using the Refresh button.

 

i have to agree i think its a cacheing issue because as soon as i refresh, the validation code works. how best can i get around FireFox's cacheing behavior?

Not sure if it really matters, since they really shouldn't be able to perform any action on that page anyway, all they are seeing is what they were able to see before anyways.  If they perform any action, your validation code should kick in and not process it.

i simply use

 

<?php

session_start(); //TO START

 

and

 

session_destroy(); // TO END

 

I have tested them both in IE7 and in FF2

 

I get zero problems but may just be the situation I guess..

however I don't allow the users to do anything with forms once they are logged out..

I deny access to the pages..

So i have a simple logout script which runs the following lines of code:

 

<?php

session_start();

/*
when user logs out
destroy the array in the session object and redirect to the
default index page
*/

session_destroy();
echo '<meta http-equiv="refresh" content="0; url=index.php">'; 

?>

 

no it doesn't .. he is

 

with this script the user should not even have time to hit their back button

Please try my code.  Look, directly from the PHP manual:

 

session_destroy() destroys all of the data associated with the current session. It does not unset any of the global variables associated with the session, or unset the session cookie.

 

In order to kill the session altogether, like to log the user out, the session id must also be unset. If a cookie is used to propagate the session id (default behavior), then the session cookie must be deleted. setcookie() may be used for that.

 

Okay?  I know for a fact that my code works.

I read that..

 

but if thats true the how come my login/logout script works?

 

it must be destroying it.

 

I"m not sayin for him not to try you code.. but it just seems like his problem is more the cached page problem.. in which he still shouldn't have a problem because he is automatically redirecting them.

@ DarkWater thanks your code works but I think revraz / ag3nt42 said it best, its the cached page that is being displayed and causing these problems.

 

I will explain it a little further. The page i am working on is a simple page with a list of items from a database, something like an inbox in yahoo as an example. When the users chooses to sign out from that page, the sign-out button takes them to a page that contains that sign-out script, the script runs and redirects the person to the default or sign-in page.

 

now the problem is, in IE when i sign-out, it works, and if i try to back-page after signing out, the validation code in the inbox page will detect an invalid session object and throw an error. On the other hand if i do the same sign-out and do a back page in FF, i will see the inbox page as it looked before i signed out so i have to refresh the page to clear the cache and to let the validation kick in.

 

this is automatically done in IE but not in FF?

If this is due to the form data being resubmitted, logging the person back in, the solution is for the page that is the target of the form's action="..." parameter to redirect to a different page. In this case the back button (or browsing) to the various pages won't result in the form data being resubmitted (works as expected in FF and IE.)

 

If this is not what is occurring, then we need to see the code along with an explanation of which file the problem occurs in and in which order the files are visited when the problem is occurring.

 

P.S. Unsetting the session cookie (or any other cookie) is a waste of time. All someone needs to do is make a copy of the cookie and put it back after you delete it. Logging someone out should only be dependent on information located on the server.

 

To the members asking why the back-button (or browsing to a page) and getting logged back in is a problem, suppose you log out and leave your desk. Anyone can walk up to your computer and hit the back-button or view the address history and select a page you were just on. Do you want them to become logged in?

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.