libertyct Posted July 2, 2008 Share Posted July 2, 2008 So i have a simple logout script which runs the following lines of code: <?php session_start(); /* when user logs out destroy the array in the session object and redirect to the default index page */ session_destroy(); echo '<meta http-equiv="refresh" content="0; url=index.php">'; ?> the problem is, this script works fine in IE but the session still remains live when I test it in Firefox? How could i get around this? Quote Link to comment https://forums.phpfreaks.com/topic/112974-php-sessions-in-firefox/ Share on other sites More sharing options...
dannyb785 Posted July 2, 2008 Share Posted July 2, 2008 how can you tell the session is still active? Quote Link to comment https://forums.phpfreaks.com/topic/112974-php-sessions-in-firefox/#findComment-580299 Share on other sites More sharing options...
DarkWater Posted July 2, 2008 Share Posted July 2, 2008 I kill my sessions with: $_SESSION = array(); session_destroy(); setcookie(session_name(), '', time()-300, '/', '', 0); Quote Link to comment https://forums.phpfreaks.com/topic/112974-php-sessions-in-firefox/#findComment-580308 Share on other sites More sharing options...
libertyct Posted July 2, 2008 Author Share Posted July 2, 2008 how can you tell the session is still active? when i back page in Firefox it lets me go back into the site, and the validation code that i added on those pages reflects that a valid session is still active so the error message or the prompt to login does not work, but i do not seem to have this problem when i run the exact same script in IE. Quote Link to comment https://forums.phpfreaks.com/topic/112974-php-sessions-in-firefox/#findComment-580318 Share on other sites More sharing options...
DarkWater Posted July 2, 2008 Share Posted July 2, 2008 Try my code. Quote Link to comment https://forums.phpfreaks.com/topic/112974-php-sessions-in-firefox/#findComment-580326 Share on other sites More sharing options...
anon_login_001 Posted July 2, 2008 Share Posted July 2, 2008 when i back page in Firefox Do you mean you hit the back button? Is this a Cacheing issue? After going Back, try using the Refresh button. Quote Link to comment https://forums.phpfreaks.com/topic/112974-php-sessions-in-firefox/#findComment-580335 Share on other sites More sharing options...
libertyct Posted July 2, 2008 Author Share Posted July 2, 2008 when i back page in Firefox Do you mean you hit the back button? Is this a Cacheing issue? After going Back, try using the Refresh button. i have to agree i think its a cacheing issue because as soon as i refresh, the validation code works. how best can i get around FireFox's cacheing behavior? Quote Link to comment https://forums.phpfreaks.com/topic/112974-php-sessions-in-firefox/#findComment-580346 Share on other sites More sharing options...
revraz Posted July 2, 2008 Share Posted July 2, 2008 Not sure if it really matters, since they really shouldn't be able to perform any action on that page anyway, all they are seeing is what they were able to see before anyways. If they perform any action, your validation code should kick in and not process it. Quote Link to comment https://forums.phpfreaks.com/topic/112974-php-sessions-in-firefox/#findComment-580353 Share on other sites More sharing options...
ag3nt42 Posted July 2, 2008 Share Posted July 2, 2008 i simply use <?php session_start(); //TO START and session_destroy(); // TO END I have tested them both in IE7 and in FF2 I get zero problems but may just be the situation I guess.. however I don't allow the users to do anything with forms once they are logged out.. I deny access to the pages.. Quote Link to comment https://forums.phpfreaks.com/topic/112974-php-sessions-in-firefox/#findComment-580355 Share on other sites More sharing options...
revraz Posted July 2, 2008 Share Posted July 2, 2008 Yep, that does kill the session, but he's seeing the Cached page not the actual page. Quote Link to comment https://forums.phpfreaks.com/topic/112974-php-sessions-in-firefox/#findComment-580356 Share on other sites More sharing options...
ag3nt42 Posted July 2, 2008 Share Posted July 2, 2008 why is he sending users back to a form if they are logged out tho? and if he is automatically redirecting them.. the back button shouldn't matter.. and he shouldn't be seeing a cached page. Quote Link to comment https://forums.phpfreaks.com/topic/112974-php-sessions-in-firefox/#findComment-580361 Share on other sites More sharing options...
.josh Posted July 2, 2008 Share Posted July 2, 2008 He's talking about when the user clicks the back button on their browser. Pressing the back button usually brings a cached page up. It doesn't automatically send for a new page load. .. Quote Link to comment https://forums.phpfreaks.com/topic/112974-php-sessions-in-firefox/#findComment-580362 Share on other sites More sharing options...
revraz Posted July 2, 2008 Share Posted July 2, 2008 Unless their browser is set to always check for new pages. Quote Link to comment https://forums.phpfreaks.com/topic/112974-php-sessions-in-firefox/#findComment-580366 Share on other sites More sharing options...
ag3nt42 Posted July 2, 2008 Share Posted July 2, 2008 So i have a simple logout script which runs the following lines of code: <?php session_start(); /* when user logs out destroy the array in the session object and redirect to the default index page */ session_destroy(); echo '<meta http-equiv="refresh" content="0; url=index.php">'; ?> no it doesn't .. he is with this script the user should not even have time to hit their back button Quote Link to comment https://forums.phpfreaks.com/topic/112974-php-sessions-in-firefox/#findComment-580368 Share on other sites More sharing options...
DarkWater Posted July 2, 2008 Share Posted July 2, 2008 Please try my code. Look, directly from the PHP manual: session_destroy() destroys all of the data associated with the current session. It does not unset any of the global variables associated with the session, or unset the session cookie. In order to kill the session altogether, like to log the user out, the session id must also be unset. If a cookie is used to propagate the session id (default behavior), then the session cookie must be deleted. setcookie() may be used for that. Okay? I know for a fact that my code works. Quote Link to comment https://forums.phpfreaks.com/topic/112974-php-sessions-in-firefox/#findComment-580369 Share on other sites More sharing options...
ag3nt42 Posted July 2, 2008 Share Posted July 2, 2008 in the php manual it states that session_destroy(); gets rid of ALL session data... this would obviously include $_SESSION I use the $_SESSION and my values are destroyed Quote Link to comment https://forums.phpfreaks.com/topic/112974-php-sessions-in-firefox/#findComment-580372 Share on other sites More sharing options...
DarkWater Posted July 2, 2008 Share Posted July 2, 2008 Please read the cookies part. Quote Link to comment https://forums.phpfreaks.com/topic/112974-php-sessions-in-firefox/#findComment-580373 Share on other sites More sharing options...
ag3nt42 Posted July 2, 2008 Share Posted July 2, 2008 I read that.. but if thats true the how come my login/logout script works? it must be destroying it. I"m not sayin for him not to try you code.. but it just seems like his problem is more the cached page problem.. in which he still shouldn't have a problem because he is automatically redirecting them. Quote Link to comment https://forums.phpfreaks.com/topic/112974-php-sessions-in-firefox/#findComment-580374 Share on other sites More sharing options...
DarkWater Posted July 2, 2008 Share Posted July 2, 2008 If the cookies are destroyed, it might not cache it. Quote Link to comment https://forums.phpfreaks.com/topic/112974-php-sessions-in-firefox/#findComment-580376 Share on other sites More sharing options...
ag3nt42 Posted July 2, 2008 Share Posted July 2, 2008 my question is.. why does the cookies matter ne ways if he is not including them into his script? if he isn't referencing to their script and the cookie simply holds the session ID then there should be no problem Quote Link to comment https://forums.phpfreaks.com/topic/112974-php-sessions-in-firefox/#findComment-580381 Share on other sites More sharing options...
DarkWater Posted July 2, 2008 Share Posted July 2, 2008 The browser sees that it has the same cookies so it figures that it will have the same content, so it caches it. =/ Now let's stop debating and wait for his response. Quote Link to comment https://forums.phpfreaks.com/topic/112974-php-sessions-in-firefox/#findComment-580382 Share on other sites More sharing options...
libertyct Posted July 2, 2008 Author Share Posted July 2, 2008 @ DarkWater thanks your code works but I think revraz / ag3nt42 said it best, its the cached page that is being displayed and causing these problems. I will explain it a little further. The page i am working on is a simple page with a list of items from a database, something like an inbox in yahoo as an example. When the users chooses to sign out from that page, the sign-out button takes them to a page that contains that sign-out script, the script runs and redirects the person to the default or sign-in page. now the problem is, in IE when i sign-out, it works, and if i try to back-page after signing out, the validation code in the inbox page will detect an invalid session object and throw an error. On the other hand if i do the same sign-out and do a back page in FF, i will see the inbox page as it looked before i signed out so i have to refresh the page to clear the cache and to let the validation kick in. this is automatically done in IE but not in FF? Quote Link to comment https://forums.phpfreaks.com/topic/112974-php-sessions-in-firefox/#findComment-580384 Share on other sites More sharing options...
ag3nt42 Posted July 2, 2008 Share Posted July 2, 2008 i still don't understand how you are using the back button if you've redirected the user from the logout page to the index page the back button should take then to the logout page again which would result in error is your logout script a popup? Quote Link to comment https://forums.phpfreaks.com/topic/112974-php-sessions-in-firefox/#findComment-580387 Share on other sites More sharing options...
LooieENG Posted July 2, 2008 Share Posted July 2, 2008 I don't understand what the problem is. What's wrong with them seeing the page if they saw it before? They shouldn't be pressing back anyway... Quote Link to comment https://forums.phpfreaks.com/topic/112974-php-sessions-in-firefox/#findComment-580395 Share on other sites More sharing options...
PFMaBiSmAd Posted July 2, 2008 Share Posted July 2, 2008 If this is due to the form data being resubmitted, logging the person back in, the solution is for the page that is the target of the form's action="..." parameter to redirect to a different page. In this case the back button (or browsing) to the various pages won't result in the form data being resubmitted (works as expected in FF and IE.) If this is not what is occurring, then we need to see the code along with an explanation of which file the problem occurs in and in which order the files are visited when the problem is occurring. P.S. Unsetting the session cookie (or any other cookie) is a waste of time. All someone needs to do is make a copy of the cookie and put it back after you delete it. Logging someone out should only be dependent on information located on the server. To the members asking why the back-button (or browsing to a page) and getting logged back in is a problem, suppose you log out and leave your desk. Anyone can walk up to your computer and hit the back-button or view the address history and select a page you were just on. Do you want them to become logged in? Quote Link to comment https://forums.phpfreaks.com/topic/112974-php-sessions-in-firefox/#findComment-580400 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.