ranura Posted June 10, 2012

I have these PHP files which allow a user to log in and maintain sessions. But the session does not get destroyed on logout, and the restricted page can be navigated back to by clicking the "back" button in the browser. What can I do to solve this issue?

index.php

```html
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<meta http-equiv="Content-Style-Type" content="text/css" />
<title>Test Login</title>
</head>
<body>
<form action="login.php">
  <table>
    <tr>
      <th>Username:</th>
      <td><input class="field" type="text" width="30px" onfocus="select();" name="username" /></td>
    </tr>
    <tr>
      <th>Password:</th>
      <td><input class="field" type="password" onfocus="select();" name="password" /></td>
    </tr>
    <tr>
      <th></th>
      <td><input class="btn" type="submit" value="Login" /></td>
    </tr>
  </table>
</form>
</body>
</html>
```

login.php

```php
<?php
include 'config.php';

$username=$_GET["username"];
$password=md5($_GET['password']);

$sql="SELECT * FROM tbl_users WHERE username='$username' and password='$password'";
$result=mysql_query($sql);
$count=mysql_num_rows($result);

if($count==1){
    session_start();
    $_SESSION['username'] = $username;
    header("location:logged_in.php?username=$username");
}
else {
    header("location:login_failed.php");
}
?>
```

logged_in.php

```php
<?php
$username = $_GET['username'];
session_start();
$_SESSION['username'] = $username;
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<meta http-equiv="Content-Style-Type" content="text/css" />
<title>Test Login Successful</title>
</head>
<body>
<?php echo "Welcome, $username"; ?>
<p>
<input type="button" onclick="javascript:window.location.href='logout.php'" value="logout" />
</p>
</body>
</html>
```

logout.php

```php
<?php
session_start();
session_unset();
session_destroy();
setcookie('username', '', time() - 1*24*60*60);
setcookie('password', '', time() - 1*24*60*60);
header("location: index.php");
?>
```
cpd Posted June 10, 2012

Your logged_in.php just resets the $_SESSION['username'] variable. You need to test if it is set using the isset() function.
insidus Posted June 10, 2012

logged_in.php

Make sure you check to see if they are logged in or not. If they are, then welcome them; if not, send them back to the login page.

```php
<?php
// $username = $_GET['username']; this is not needed, the data is already in the session
session_start();
if(!isset($_SESSION['username'])) {
    header ("location: somewhere"); // not logged in
    exit();
} else {
    $username = $_SESSION['username'];
}
?>
....
echo '<p>Welcome ' . $username . '</p>';
```

logout.php

```php
<?php
session_start();
//session_unset(); // this is not needed, session_destroy does the unset, and more
session_destroy();
setcookie('username', '', time() - 1*24*60*60);
setcookie('password', '', time() - 1*24*60*60);
header("location: index.php");
exit();
?>
```

At the top of your pages, you could do

```php
<?php
echo '<pre>';
print_r($_SESSION);
echo '</pre>';
?>
```

which will show you what session variables are being used.

/insidus
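Added example, not part of any post in this thread: one way to put the session check and the logout from the replies above into a shared include, with headers that keep the browser's "back" button from showing a cached copy of a restricted page. It assumes PHP 7 or later; the file name session_guard.php and the functions require_login(), start_login_session() and logout() are hypothetical names chosen for illustration.

```php
<?php
// session_guard.php (hypothetical name): include from every page. Added example.

// Call at the top of each restricted page, before any output is sent.
function require_login(string $loginPage = 'index.php'): string
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    // Tell the browser not to keep a copy, so "back" after logout re-requests the page.
    header('Cache-Control: no-store, no-cache, must-revalidate');
    header('Pragma: no-cache');
    header('Expires: 0');

    // Identity comes only from the session, never from $_GET.
    if (!isset($_SESSION['username'])) {
        header('Location: ' . $loginPage);
        exit();
    }
    return $_SESSION['username'];
}

// Call from login.php once the credentials have been verified.
function start_login_session(string $username): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    session_regenerate_id(true);   // fresh session ID at login (guards against fixation)
    $_SESSION['username'] = $username;
}

// Call from logout.php.
function logout(string $loginPage = 'index.php'): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    $_SESSION = [];                           // clear the data for this request
    if (ini_get('session.use_cookies')) {     // expire the session cookie in the browser
        $p = session_get_cookie_params();
        setcookie(session_name(), '', time() - 42000,
            $p['path'], $p['domain'], $p['secure'], $p['httponly']);
    }
    session_destroy();                        // delete the server-side session data
    header('Location: ' . $loginPage);
    exit();
}
```

On a restricted page, `$username = require_login();` replaces the `$_GET['username']` assignment, and the name should be printed through `htmlspecialchars($username, ENT_QUOTES, 'UTF-8')`.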