0

I have a problem at my main.php, i get the session variables using these codes

<?php
if ($_POST['login'])
{$_SESSION['user'] = $_POST['user'];
$_SESSION['pass'] = $_POST['pass'];}
?>

when i click the button logout

<input type="submit" name="logout" value="Log out" formaction="logout.php"
formmethod="POST" />

my logout.php contains these codes

<?php
error_reporting(0);
unset($_SESSION['user']);
unset($_SESSION['pass']);
session_unset();
$_SESSION = array();
if (ini_get("session.use_cookies")) {
$params = session_get_cookie_params();
setcookie(session_name(), '', time() - 42000,
    $params["path"], $params["domain"],
    $params["secure"], $params["httponly"]
);
}
session_destroy();
$_POST = array();
echo " <script> window.location.href = '../login.php'; </script>";
exit();
?>

after redirecting to login.php, when i press the back button of the browser, $_POST variables still recognized. thats why my session variables are being equal again to the $_POST variable. BUT when im in main.php when i HIT the address bar of my browser then i press ENTER, my main.php will RELOAD. then i will try to log out, after logging out. i will press the back button again, and the $_POST variables doesnt exist anymore(because i cant access anymore my main.php). why is that, i need to reenter the url (NOT REFRESh) SO THAT i can get the successful logout of my project.

Jaycee
  • 149
  • 1
  • 1
  • 10

1 Answers1

0

try this:

login.php

if (isset($_POST['submit'])) {

  // if validation is ok
  //create session

}

main.php

if ( isset($_SESSION['user']) && isset($_SESSION['pass']) ) {
  echo 'Welcome back';
} else {
  header('Location:../'); // redirect them to login.php
}

logout.php

session_destroy();
header('Location: /login.php');
tonoslfx
  • 3,422
  • 15
  • 65
  • 107
  • this is a good one but, i have some tricks in my login.php, thats why i cant use this one,, i will better recode my login.thanks man – Jaycee Sep 10 '13 at 16:06