Logout script is not working properly

  • PREETI001
    New Member
    • Jan 2013
    • 1

    Logout script is not working properly

    I have made a logout page for logging out of a member section and provided a link to log out from the member section. Whenever I click on the logout link it redirects to index.php of the member section... BUT when I try to go back through the Back button of the browser... it sends me to the last visited pages (meaning sessions do not expire properly). How can I solve it? PLEASE HELP AND GIVE ME A CORRECT SOLUTION. THE SCRIPT IS GIVEN BELOW.



    Code:
    <?php
    // initialize the session
    if (!isset($_SESSION)) {
        session_start();
    }

    // ** Logout the current user. **
    $logoutAction = $_SERVER['PHP_SELF']."?doLogout=true";
    if ((isset($_SERVER['QUERY_STRING'])) && ($_SERVER['QUERY_STRING'] != "")){
        $logoutAction .= "&". htmlentities($_SERVER['QUERY_STRING']); 
    }
    
    if ((isset($_GET['doLogout'])) &&($_GET['doLogout']=="true")) {
        // to fully log out a visitor we need to clear the session variables
        $_SESSION['MM_Username'] = NULL;
        $_SESSION['MM_UserGroup'] = NULL;
        $_SESSION['PrevUrl'] = NULL;
        unset($_SESSION['MM_Username']);  
        unset($_SESSION['MM_UserGroup']);
        unset($_SESSION['PrevUrl']);
        $logoutGoTo = "index.php";
    
        if ($logoutGoTo) {
            header("Location: $logoutGoTo");
            exit;
        }
    } ?>
    Last edited by Rabbit; Jan 7 '13, 09:26 PM. Reason: Please use code tags when posting code.
  • Atli
    Recognized Expert Expert
    • Nov 2006
    • 5062

    #2
    "BUT when i am trying to go back through back button of Browser....it send me last visited pages(means sessions not expire properly)."
    Actually, no. When you use the back button of your browser, your browser will usually not send a new request for the page, but instead show you a cached version; the same exact page you had before. This is not behaviour PHP can control, since the page is never requested and thus PHP is never executed. It doesn't mean the login was unsuccessful. If you were to hard refresh (CTRL+F5) the page, it would no doubt display as if you are logged out.

    You can suggest to the browser that it should not do this by sending the right Cache-Control headers. However, even with that, it's not 100% guaranteed that the browser won't cache a page. - For a detailed overview of HTTP caching, see HTTP/1.1: Caching in HTTP. For an example of how to apply basic Cache-Control in PHP, see Example #2 in the header() function's PHP manual entry.


    • Exequiel
      Contributor
      • Jul 2012
      • 288

      #3
      You must put this in your index.php:
      Code:
      // index.php: show the login page only when no user is stored in the session
      if($_SESSION['user']=='' && $_SESSION['pwd']==''){
      //process here.

      }else{
         header('Location: yourpage.php');
         exit; // stop the script once the redirect has been sent
      }
      And in your yourpage.php you must put this:

      Code:
      // yourpage.php: continue only when a user is stored in the session
      if($_SESSION['user']!='' && $_SESSION['pwd']!=''){

      //process
      }else{
          header('Location: index.php');
          exit; // stop the script once the redirect has been sent
      }
      By using that, every time you click logout it will never go back to the previous page of your system... and also when you are already logged in it will never come back to index.php as long as you did not log out... I hope you got me...


      • Atli
        Recognized Expert Expert
        • Nov 2006
        • 5062

        #4
        Exequiel, there are two issues with what you did there.

        The first I already explained in my previous post. The browser will not actually send a request to PHP unless it respects set Cache Control headers, and thus the PHP you posted will not be executed. No logic in the PHP code will have any effect if it's not actually being executed; if the browser is showing a cached version of pages.

        The second is how you do things. You should never use an external value (like POST or SESSION) without first making sure it actually exists. Otherwise you run the risk of getting "Undefined index" notices printed or logged all the time. Always use empty() or isset() to make sure values exist.

        You also don't need to compare the session values to anything. If you properly unset() them during logout, their presence or absence is enough to determine if the user is logged in or not.

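Added example (not code from any poster in this thread) combining the points from posts #2 and #4: each protected page sends Cache-Control headers and tests the session with empty(), and logout tears down the whole session. The function names `require_login` and `logout` are hypothetical, and `index.php` is assumed to be the public login page; the session key `MM_Username` comes from the original post.

```php
<?php
// Added example, not code from the thread. MM_Username is the session key from
// the original post; function names and the index.php default are assumptions.

// Call at the top of every members-only page, before any output is sent.
function require_login(string $loginPage = 'index.php'): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    // Ask the browser and intermediate caches not to keep a copy, so the
    // Back button has to re-request the page instead of showing a saved one.
    header('Cache-Control: no-store, no-cache, must-revalidate, max-age=0');
    header('Pragma: no-cache');                        // HTTP/1.0 caches
    header('Expires: Sat, 26 Jul 1997 05:00:00 GMT');  // a date in the past
    // Presence of the key is the login test; empty() avoids "Undefined index".
    if (empty($_SESSION['MM_Username'])) {
        header('Location: ' . $loginPage);
        exit;   // send no protected markup after the redirect
    }
}

// Call from the logout link handler.
function logout(string $goTo = 'index.php'): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    $_SESSION = [];   // drop every session variable, not only the known ones
    // Expire the session cookie held by the browser.
    if (ini_get('session.use_cookies')) {
        $p = session_get_cookie_params();
        setcookie(session_name(), '', time() - 42000,
            $p['path'], $p['domain'], $p['secure'], $p['httponly']);
    }
    session_destroy();   // delete the server-side session data
    header('Location: ' . $goTo);
    exit;
}
```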