freelance84 Posted April 28, 2010

The following snippet of code is from my authenticate page:

```php
if ($u_pass == $row[2]) {
    session_start();
    $_SESSION['ID'] = $row[0];
    $_SESSION['username'] = $row[1];
    $_SESSION['type'] = $row[3];
    $_SESSION['forename'] = $row[4];
    $_SESSION['surname'] = $row[5];
    if ($row[3] == '1') {
        header("location:adw-home.php");
    } elseif ($row[3] == '2') {
        header("location:nrt-home.php");
    } elseif ($row[3] == '3') {
        header("location:rst-home.php");
    }
}
```

The above code seems to work and directs the user to their home page depending on type. The following is my logout code:

```php
<?php
session_start();
session_destroy();
header("location:index.php");
?>
```

The site doesn't create any cookies so is the above logout all I need to log a user out? Sometimes, though, when I'm testing the site in EasyPHP 3.0, when I log in, go through a few pages, then log out, if I just press back in the browser it just goes back into the previous page. But sometimes it does what it's meant to and says "you are not logged in". I'm guessing this is just something quirky with EasyPHP and not closing the browser or something?

mikesta707 Posted April 29, 2010

For such a simple login, yes, that's almost all you really need. You also want to unset() all your $_SESSION variables, for example unset($_SESSION['ID']); You can add that for all your variables, and it will pretty much erase the value from memory to prevent the variables from still being on the system. See session_destroy() for more information. The page pretty much has a description of why what I said is needed at the top of the page.

freelance84 Posted April 29, 2010

Ahh thanks. I looked on that page you mentioned but I missed the unset(). Brilliant, I'll try and implement it tomorrow, getting on a bit now.

freelance84 Posted April 29, 2010

Should I be unsetting the SESSION variables before I use session_destroy(); or after? Or does it not really matter?

freelance84 Posted April 29, 2010

I have now changed my logout.php to the following:

```php
<?php
session_start();
unset($_SESSION['ID']);
unset($_SESSION['username']);
unset($_SESSION['type']);
unset($_SESSION['forename']);
unset($_SESSION['surname']);
session_destroy();
header("location:index.php");
?>
```

However, on one of my pages I can still simply press back after pressing logout to go back into the page. The page in question looks like the following:

```php
<?php
session_start();
if (isset($_SESSION['username'])) {
    $u_ID = $_SESSION['ID'];
    $u_name = $_SESSION['username'];
    $u_type = $_SESSION['type'];
    $u_forename = $_SESSION['forename'];
    $u_surname = $_SESSION['surname'];
    if ($u_type == 2) {
        // ............... content of the page
    } else
        echo "Sorry something has gone wrong with your user type, please contact site admin. Thank you.";
} else
    echo "You are not logged in. Please <a href=index.html>click here</a> to log in.";
?>
```

freelance84 Posted April 29, 2010

I've just realised I had a global on this page:

```php
if (isset($_POST['class_name'])) {
    $class_name = get_post('class_name');
    global $class_name;
}
```

I have now changed this and every occurrence of this global to an array:

```php
$class_name = array();
if (isset($_POST['class_name'])) {
    $class_name_get = get_post('class_name');
    array_push($class_name, $class_name_get);
}
```

But it still just lets me press back. When I do press back, I can see the contents of the page, a form, but it won't let me send as it says I'm logged out.

freelance84 Posted April 29, 2010

And... a slightly more interesting point. The log out works in IE6 & Chrome 4.1. The log out works to an extent (when I press back I can see the content of the page but not send data with the form) in Firefox 3.05 and Safari 4.05 (all of which are running on WinXP Pro version 5.1).

freelance84 Posted April 29, 2010

?

freelance84 Posted April 29, 2010

Do I have to unset() all of the $_POST as well?

freelance84 Posted May 1, 2010

OK, I've now found that when I log out I can simply press back and still view the page because it is stored on the client's computer. The actual script doesn't rerun but will still show the page. As soon as the browser tries to re-run the script again it can't, as the user has logged out and destroyed the session.

I tried adding the nocache/pragma in the headers but this didn't solve anything. I later found that there is very little that can be done to prevent the browser from doing this. One workaround is to add JavaScript to the page (but I am trying to create my site with no JavaScript).

The reason this problem doesn't exist on Chrome and IE6 is because these browsers have a built-in function which forces the user to reload/refresh a page if there has been a POST to the site. This then obviously makes the browser realise the session has been destroyed. I downloaded Firefox 3.6 and found this version has this function also built in. Don't know about Safari. But then I'm not a fan of the Granny Smith world.

Hope this helps anyone who comes across the same problem in the future.

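Added example, not part of any post in the thread: one way to cover the two points the thread arrives at, a logout that also expires the session cookie PHP sets by default, and protected pages that send no-store cache headers so that a browser honouring them re-requests the page on Back. The function names require_login() and logout() are hypothetical; index.php and the 'username' session key are taken from the posts above.

```php
<?php
// Added example, not code from the thread.
// require_login() and logout() are hypothetical helper names.

// Call at the top of every protected page, before any output is sent.
function require_login(): void
{
    if (session_status() === PHP_SESSION_NONE) {
        session_start();
    }

    // Ask the browser and any proxy not to keep a copy of this response,
    // so pressing Back after logout has to go to the server again.
    header('Cache-Control: no-store, no-cache, must-revalidate, max-age=0');
    header('Pragma: no-cache');
    header('Expires: 0');

    if (!isset($_SESSION['username'])) {
        header('Location: index.php');
        exit; // stop here so none of the protected page is rendered
    }
}

// Call from logout.php.
function logout(): void
{
    if (session_status() === PHP_SESSION_NONE) {
        session_start();
    }

    $_SESSION = array(); // drops every session variable in one step

    // session_start() identifies the visitor with a cookie by default
    // (PHPSESSID); expire it so the browser stops sending the old id.
    if (ini_get('session.use_cookies')) {
        $p = session_get_cookie_params();
        setcookie(session_name(), '', time() - 42000,
            $p['path'], $p['domain'], $p['secure'], $p['httponly']);
    }

    session_destroy(); // removes the session data stored on the server

    header('Location: index.php');
    exit; // do not run anything else after the redirect
}
```

The server-side check in require_login() is what actually protects the data; the cache headers only control whether the browser may redisplay a copy it already holds.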