logout code

[kadamsurekha]

hey friends!

i have a website wherein users login to browse the other pages of the site.

on logout i want the pages to expire.

i have php coding

 

so on all the pages i have written

 

session_start()

 

at the beginning

 

 

and on click of logout hyperlink the logout.php file opens wherein i have written this code:

 

<?

  session_start();

  session_destroy();

  echo "U have been successfully logged out";

?>

 

but still on click of back button of the browser the pages are shown.

 

wht can be the pbm???

 

[Yesideez]

I'd set a session variable.

$_SESSION['userid']=$userid;

 

At the beginning of each "logged in" script check if that session variable exists. If not direct back to the login page:

<?php
if (empty($_SESSION['userid'])) {
  header("Location: login.php");
  exit;
}
?>

[TreeNode]

You might want to destroy your sessions variables as well. Here's what I use to uber kill the session and its variables:

 

unset($_SESSION['username']);
unset($_SESSION['password']);
if (isset($_COOKIE[session_name()])) {
    setcookie(session_name(), '', time()-42000, '/');
}		
$_SESSION = NULL;
session_destroy();

[kadamsurekha]

hello!

i tried the code u said.

but on click of back button of the browser i get this message

 

 

 

"  The page you are trying to view contains POSTDATA that has expired from cache. If you resend the data, any action the form carried out(such as a search or online purchase will be repeated. To resend the data, click OK. Otherwise, click Cancel.  "

 

when i click on OK i get the pages open and work very well.

 

 

i want the message to be displayed as "Page cannot be displayed"

 

 

wht should be done????

[Yesideez]

Care to post some code?

[kadamsurekha]

hey,

This is the code i have written for my other pages after login

 

<?php

session_start();

include("config.php");

include("opendbs.php");

$username=$_SESSION['user'];

//$emailID=$_POST['username'];

//$password=$_POST['passwd'];

if(empty($_SESSION['user']))

{

  header("Location: index.php");

exit;

}

?>

 

 

 

and on the logout.php file i have written this code

 

<?

session_start();

unset($_SESSION['user']);

if (isset($_COOKIE[session_name()])) {

    setcookie(session_name(), '', time()-42000, '/');

}

$_SESSION = NULL;

session_destroy();

echo "You have been successfully logged out";

 

?>

 

 

still the pbm persists.

 

help?????????????

[Yesideez]

Try this:

<?php
   session_start();
   unset($_SESSION['user']);
   if (isset($_COOKIE[session_name()])) {
       setcookie(session_name(), '', time()-42000, '/');
   }      
   $_SESSION = NULL;
   session_destroy();
   header("Location: login.php");
?>

 

If when you log the user out they're redirected to the login page it should be obvious to them they've been logged out.

[kadamsurekha]

hey!

i tried the statement

 

          header("Location: index.php");

 

after session_destroy();

 

 

what i want is like how it displays in yahoo

session expired

or page cannot be displayed

 

tht way

 

but my pages open afer clicking on back button

 

 

help????????

 

[TreeNode]

There's too many unknowns about your issue. For example, you could be viewing the the cached version of the page you were just looking for, to check this click logout, hit the back button, hit refresh. You can add meta information to not cache your site.