-1

Pages on my php site need to be refreshed all the time. For example I have a timetable for each user that's different and if I login and view the timetable and logout, then when I login as a different user and view that timetable it will show the previous persons timetable, unless I refresh it. There are many more pages on my site that have this issue. Do I need to do something extra on logout? I know I can user ctrl+f5 but i want the site to be able to manage things for me. Has anyone else has a similar issue to this Any suggestions?

Here's my logout code:

<?php
//include 'header.php';
session_start();
include 'dbconnect.php';
//set the session date in to an empty array
$_SESSION = array();
//Expire thier cookie files
if (isset($_COOKIE["user"]) && isset($_COOKIE["pass"]))
{
    setcookie("user", '', strtotime( '-10 days'), '/');
    setcookie("pass", '', strtotime( '-10 days'), '/');
    session_destroy();

}
//destroy the session variables
session_destroy();
//double check if the user exists
if (isset($_SESSION['username']))
{
    header("Location: message.php?msg=Error:_Logout_Failed");
} else {
    session_destroy();

    header("Location: index.php");
    exit(); 
}
session_destroy();

?>
Shaiful Islam
  • 7,034
  • 12
  • 38
  • 58
Rob177
  • 27
  • 1
  • 9

1 Answers1

0

First off, session_destroy() on its own is not enough to destroy the session data, see How can I clear my php session data correctly?

From: https://stackoverflow.com/a/6472150/3536236

After using session_destroy(), the session cookie is removed and the session is no longer stored on the server. The values in $_SESSION may still be available, but they will not be on the next page load.

edit: To typically ensure session data is cleared, try this:

session_start();
$_SESSION = array(); //clears the session data. 
session_destroy();

Secondly, this may well be an issue simply because you're signing in as several users from the same machine, which may not happen to non-admin users / host machines. Nothing on the code you've shown actually shows how the data is displayed, if you are displaying data from a fixed point such as a file (rather than a database asset) you could also explore the possibility that clearstatcache() can help you.

set headers on your PHP output page to force the page refresh, the server and header information may allow the browser to cache the page, so add something like 

header("Cache-Control: no-cache, must-revalidate"); //HTTP 1.1
header("Expires: Sat, 26 Jul 2007 05:00:00 GMT"); // Date in the past

To your output pages (above the HTML code) to ensure that the browser doesn't cache them.

Community
  • 1
  • 1
Martin
  • 22,212
  • 11
  • 70
  • 132