Kvk Ganesh Kvk Ganesh - 3 months ago 19
HTML Question

How can i disable the back browser button after user press logout and destroy session?

I am having trouble with

session_destroy()
.

When the User press Log out it have to destroy the session. I wrote the following code:

Logout.php

<?php
session_start();
session_destroy();
header("location: LoginViewController.php");
?>


After pressing log out, when I press the browser back button it is showing my previous Logined user page and session username in Login.php page

Login.php

<?php
session_start();
$_SESSION['user']= $_GET['username'];
echo '"<div style="background:white; text-align:right"> Login as:'.$_SESSION['user'].'</div>"';
echo '<a href="Logout.php" style="text-align:right">Logout</a>';


LoginViewController.php

<?php
header("Cache-Control: no-store, no-cache, must-revalidate, max-age=0");
header("Expires: Sat, 26 Jul 1997 05:00:00 GMT");

$Username = $_POST['uname'];
$Password = $_POST['pwd'];
$User_Type=$_POST['type'];

If (!(empty($Username) && empty($Password) && empty($User_Type))){
$model = new UsersModel();
$rowsCount = $model->checkUser($Username,$Password,$User_Type);

if ($rowsCount!=0){
header("location:login.php?username=".$_POST['uname']."");
} else {
echo '<script type="text/javascript">alert("Enter username and password correctly");
window.location.href="LoginViewController.php";</script>';
}
}


I don't know why it is working like that.

Please help me to find out where i commit mistake.

I want to disable that browser back button after logout.

Answer

login.php page :

<?php 
    if (isset($_POST['uname'], $_POST['pwd'], $_POST['type'])) {
        $Username = $_POST['uname'];
        $Password = $_POST['pwd'];
        $User_Type=$_POST['type'];
        if (!(empty($Username) || empty($Password) || empty($User_Type))) 
        {
             $model = new UsersModel();
             $rowsCount = $model->checkUser($Username,$Password,$User_Type);
             if ($rowsCount!=0)
             {
                  $_SESSION['user'] = $Username;
                  header("Location:LoginViewController.php");

             } else {
                  echo 'Bad user';
             }
        } else {
             echo 'Please, fill all inputs';
        }
    } else {
        echo 'Bad form sent';
    }
?>
<form name="f1" method="POST" action="" >
    // inputs
</form>

LoginViewController.php :

<?php
header("Cache-Control: no-store, no-cache, must-revalidate, max-age=0");
header("Expires: Sat, 26 Jul 1997 05:00:00 GMT");

if (!isset($_SESSION['user'])) {
    header('Location: login.php');
    exit();
}
echo 'You have successfully logged as '.$_SESSION['user']
?>

And add the headers to force the browser to revalidate the pages :

logout.php :

<?php 
session_start();
session_destroy();
$_SESSION = array();
header("location: login.php");
?>
Comments