handling logout

[bilalaslam777]

Hello guys,

 

i have a problem in logout module that when i click on the back button the session is not destroyed. i am using three functions like

• session_start();
  
• session_unset();
  
• session_destroy();
  

 

on each page. Can anyone take me out of this

 

Thanks in advance

[mikesta707]

I have used session_unset() and session_destroy() with much success. maybe post your code?

 

Edit: also make sure that on every member only page you have some sort of validation script running like

if (!isset($_SESSION['user'])){
##your not logged in message and maybe redirect
}

 

[Skepsis]

Also, try making sure the session names are correct.

You can do, print_r($_SESSION); to see all sessions in use.

 

You should be able to pinpoint where the problem is from there, most likely.

[bilalaslam777]

Hello mikesta707,

 

this is the code that i have written for logout page.

 

<?php

session_start();

session_unset();

session_destroy();

if(!(isset($_SESSION['username'])))

{

header('Location: page1.php');

}

else

{

echo $_SESSION['username'];

echo $_SESSION['product1'];

}

echo "<a href='page1.php'>Logout</a>";

 

?>

 

[mikesta707]

make sure that on every page you have you have the following code at the top:

 

if(!(isset($_SESSION['username'])))
   {
      header('Location: page1.php');
   }

 

beyond that, that script SHOULD work for logging someone out

[bilalaslam777]

please have a look on these pages. when i click on the back button, this actually doesn't display page3.php but i think fetching it from cookies.

 

 

 

page1.php

 

<body>

<form action="page2.php" method="post">

    Name:<input type="text" name="username" value="" /><br />

    Pass:<input type="password" name="pwd" value="" /><br />

    <input type="submit" name="sbt" value="Submit" />

</form>

</body>

 

page2.php

<?php

 

    session_start();

    session_unset();

    session_destroy();

   

    $username=$_POST['username'];

    $_SESSION['username']=$username;

   

   

    if(!(isset($_SESSION['username'])))

    {

        header('Location: page1.php');

    }

 

    //$_SESSION['username']=$username;

   

    echo $_SESSION['username'];

    echo "<a href='page3.php'>page3</a>";

   

 

?>

 

page3.php

 

[/]<?php

    session_start();

    session_unset();

    session_destroy();

    if(!(isset($_SESSION['username'])))

    {

        header('Location: page1.php');

    }

    else

    {

        echo $_SESSION['username'];

        //echo $_SESSION['product1'];

    }

        echo "<a href='page1.php'>Logout</a>";

   

?>[/][/]

[mikesta707]

Im not entirely sure what you mean by "this actually doesn't display page3.php but i think fetching it from cookies." but on page 2, you always set the session to something no matter what, so it will show you as logged in. change on page 2

 

$username=$_POST['username'];
    $_SESSION['username']=$username;

to

 

if (isset($P_POST['username'])){
$username=$_POST['username'];
$_SESSION['username']=$username;
}

 

that way you don't set the session even if the user didn't actually send a post request to log in. Also, you should have some sort of validation. With the current set up (assuming this is all the code you have) all anyone has to do to log in is type in a username.