0

I am working on the logout of my site and I am having trouble with it. If I hit the log out button I go back to the index and if I then hit the return button in my browser I go back to the page where I was logged in. My question is how do I detroy the session right to prevent this from happening.

Here is the script if someone is logged in:

    <?php
    session_start();
?>
    <html>
    <head>
        <link href="../css/style.css" rel="stylesheet" type="text/css">
        <link href='https://fonts.googleapis.com/css?family=Titillium+Web:400,300,200' rel='stylesheet' type='text/css'>
    </head>

    <body>
    <section class="photoContainer hero" data-stellar-background-ratio="0.5 ">
        <div class="content">
            <div class="hC">
                <h1>Presenting E-bike</h1>
                <h3>Why Pedal When You Don't have Too</h3>
            </div>
            <div class="panelContainer">
                <div class="panel3">
                    <div class="symbol2"></div>
                </div>
            </div>
            <div class="inlog">
                <a class="btn" href="../index.php">Log Out</a>
                <?php
                    session_destroy();
                ?>
            </div>
        </div>
    </section>

    <section class="wrapper">
        <div class="content">
            <h2>FAQ</h2>
            <p>This is where you will find the answers on the most frequently asked questions.</p><br />
            <p><b>Q:</b> What is a content management system?<br />
                <b>A:</b> A CMS is a web application you run on your web server to help creating a website. A good CMS should be flexible and help you to make a great site. It should provide you with tools to help the layman keep track of content, while letting more experienced webmasters handle look and feel. It should also provide tools to make repetitive things less repetitive. Like, for example, News entries.<br /><br />
            </p>
            <p><b>Q:</b> Why do I need a Web Content Management System? <br />
                <b>A:</b> If you have a website, you need to have some sort of CMS.  The more sophisticated your CMS, the more things you can do with your site.  <br /><br />
            </p>
            <p><b>Q:</b> Is prior web site development experience required to use a CMS? <br />
                <b>A:</b> No.  If you can use Microsoft Word you will have no trouble editing content on your website.  No HTML or coding is required. <br /><br />
            </p>
        </div>
    </section>

    <section class="photoContainer middle" data-stellar-background-ratio="0.5">
        <div class="content">
            <div class="panelContainer">
                <div class="panel2">
                    <div class="symbol3"></div>
                </div>
            </div>
        </div>
    </section>

    <section class="wrapper">
        <div class="content">
            <h2>This is how your title would look.</h2>
            <p>Lorem ipsum dolor sit amet, consectetur adipiscing elit. Donec facilisis tempus risus et tempor. Cum sociis natoque penatibus et magnis dis parturient montes, nascetur ridiculus mus. In vehicula dui pretium magna sodales semper. Nunc faucibus mauris ante, in egestas urna tempus nec. Fusce rutrum est sit amet augue egestas gravida. Sed varius dui ac urna scelerisque euismod. Fusce mattis aliquam dolor at lobortis. Proin semper nulla ut nunc aliquam ultricies sed non nulla. Proin eleifend quis libero sed sodales. Mauris quis imperdiet sapien, quis facilisis orci.</p>
            <h4>This is how your subtitle would look.</h4><br />
            <p>Suspendisse potenti. Nunc mollis tellus ac dolor feugiat sagittis. Sed sit amet ex porta, dictum tellus quis, rhoncus arcu. Sed suscipit a orci at viverra. Integer non sem nec sem consequat efficitur et vitae dolor. Etiam dignissim dui in est porta congue quis id nulla. Integer tincidunt diam volutpat lacus finibus lobortis. Quisque ultricies scelerisque rhoncus.</p>
        </div>
    </section>

    <section class="photoContainer middle2" data-stellar-background-ratio="0.5 ">
        <div class="content">
            <div class="panelcontainer">
                <div class="panel1">
                    <div class="symbol"></div>

                </div>

            </div>
        </div>
    </section>

    <section class="wrapper">
        <div class="content">
            <h2>Contact</h2>
            <p>If you have any questions, or need more information, you will be able to contact us with the following information.</p>
            <br />
            <p>Telephone: (0800)12341833</p>
            <p>E-mail: <a href="../404.html">thebestcms@site.com</a></p>
            <p>Address: <a href="../404.html">GoogleMaps</a></p>
        </div>
    </section>

    <section>
        <div class="copyright">
            <p>Copyright &copy; 2016 1P6 Landstede - All rights reserved</p>
        </div>
    </section>

    <script src="../js/jquery-2.0.2.js"></script>
    <script src="../js/jquery.stellar.min.js"></script>
    <script>

        $.stellar();

    </script>
    </body>
    </html>

If needed I also will put in the index.php

    <html>
<head>
    <link href="css/style.css" rel="stylesheet" type="text/css">
    <link href='https://fonts.googleapis.com/css?family=Titillium+Web:400,300,200' rel='stylesheet' type='text/css'>
</head>

<body>
<section class="photoContainer hero" data-stellar-background-ratio="0.5 ">
    <div class="content">
        <div class="hC">
            <h1>Presenting E-bike</h1>
            <h3>Why Pedal When You Don't have Too</h3>
        </div>
        <div class="panelContainer">
            <div class="panel3">
                <div class="symbol2"></div>
            </div>
        </div>
        <div class="inlog">
            <a class="btn" href="login/login.php">Login</a>
        </div>
    </div>
</section>

<section class="wrapper">
    <div class="content">
        <h2>FAQ</h2>
        <p>This is where you will find the answers on the most frequently asked questions.</p><br />
        <p><b>Q:</b> What is a content management system?<br />
            <b>A:</b> A CMS is a web application you run on your web server to help creating a website. A good CMS should be flexible and help you to make a great site. It should provide you with tools to help the layman keep track of content, while letting more experienced webmasters handle look and feel. It should also provide tools to make repetitive things less repetitive. Like, for example, News entries.<br /><br />
        </p>
        <p><b>Q:</b> Why do I need a Web Content Management System? <br />
            <b>A:</b> If you have a website, you need to have some sort of CMS.  The more sophisticated your CMS, the more things you can do with your site.  <br /><br />
        </p>
        <p><b>Q:</b> Is prior web site development experience required to use a CMS? <br />
            <b>A:</b> No.  If you can use Microsoft Word you will have no trouble editing content on your website.  No HTML or coding is required. <br /><br />
        </p>
    </div>
</section>

<section class="photoContainer middle" data-stellar-background-ratio="0.5">
    <div class="content">
        <div class="panelContainer">
            <div class="panel2">
                <div class="symbol3"></div>
            </div>
        </div>
    </div>
</section>

<section class="wrapper">
    <div class="content">
        <h2>This is how your title would look.</h2>
        <p>Lorem ipsum dolor sit amet, consectetur adipiscing elit. Donec facilisis tempus risus et tempor. Cum sociis natoque penatibus et magnis dis parturient montes, nascetur ridiculus mus. In vehicula dui pretium magna sodales semper. Nunc faucibus mauris ante, in egestas urna tempus nec. Fusce rutrum est sit amet augue egestas gravida. Sed varius dui ac urna scelerisque euismod. Fusce mattis aliquam dolor at lobortis. Proin semper nulla ut nunc aliquam ultricies sed non nulla. Proin eleifend quis libero sed sodales. Mauris quis imperdiet sapien, quis facilisis orci.</p>
        <h4>This is how your subtitle would look.</h4><br />
        <p>Suspendisse potenti. Nunc mollis tellus ac dolor feugiat sagittis. Sed sit amet ex porta, dictum tellus quis, rhoncus arcu. Sed suscipit a orci at viverra. Integer non sem nec sem consequat efficitur et vitae dolor. Etiam dignissim dui in est porta congue quis id nulla. Integer tincidunt diam volutpat lacus finibus lobortis. Quisque ultricies scelerisque rhoncus.</p>
    </div>
</section>

<section class="photoContainer middle2" data-stellar-background-ratio="0.5 ">
    <div class="content">
        <div class="panelcontainer">
            <div class="panel1">
                <div class="symbol"></div>

            </div>

        </div>
    </div>
</section>

<section class="wrapper">
    <div class="content">
        <h2>Contact</h2>
        <p>If you have any questions, or need more information, you will be able to contact us with the following information.</p>
        <br />
        <p>Telephone: (0800)12341833</p>
        <p>E-mail: <a href="404.html">thebestcms@site.com</a></p>
        <p>Address: <a href="404.html">GoogleMaps</a></p>
    </div>
</section>

    <section>
        <div class="copyright">
            <p>Copyright &copy; 2016 1P6 Landstede - All rights reserved</p>
        </div>
    </section>

<script src="js/jquery-2.0.2.js"></script>
<script src="js/jquery.stellar.min.js"></script>
<script>

    $.stellar();

</script>
</body>
</html>
Remco de Baas
  • 61
  • 2
  • 11
  • you said, that when you will logged out and then press the "Back" button in your browser, you will be redirected back to your admin. But what will happened, if you press F5 (reload) button after the redirection? – pes502 Mar 17 '16 at 10:19
  • thx for finding the mistake I made in my text – Remco de Baas Mar 17 '16 at 10:22
  • Possible duplicate of [Session unset, or session\_destroy?](http://stackoverflow.com/questions/5697822/session-unset-or-session-destroy) – Jonathon Reinhart Mar 17 '16 at 10:27
  • You're aware that your `session_destroy();` is called ***every single time***, not just when someone click on the logout link...!? – deceze Mar 17 '16 at 10:38

5 Answers5

2

Assuming you're using session_destroy() to actually destroy the session, the issue is unlikely your session, the issue is likely that the browser has a cached version of the previous page. To prevent that you need to set appropriate headers that instruct the browser not to cache your authenticated pages, something like:

Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: 0

See How to control web page caching, across all browsers? for gory details.

Community
  • 1
  • 1
deceze
  • 510,633
  • 85
  • 743
  • 889
  • deceze where should I place this because I looked it up in the link but I don't know where to place these lines of code – Remco de Baas Mar 17 '16 at 10:42
  • http://stackoverflow.com/a/2068407/476, pick the PHP solution, place those `header` calls **on top of all the pages you don't want cached.** – deceze Mar 17 '16 at 10:44
  • well I tried doing what you told me but I don't get any further because I still can use the return button to return to the logged in page – Remco de Baas Mar 17 '16 at 12:09
1

To destroy use void session_unset ( void ) in your logout function it will unset all your session variabes. for details http://php.net/manual/en/function.session-unset.php

hope it helps :)

FastTurtle
  • 1,747
  • 11
  • 15
0

You are receiving this error because the browser is loading the page from cache. As a result, no requests are made to the server. As `pes502`` pointed out in the comments, if you refresh the page requests to the server will be sent & providing you have some sort of authentication check logic, the user will be redirected to login/whatever page you have used.

I have came across this issue where I did need to fix it. You could use an Ajax request that will act as middleware to check if the the user is logged in & handle the outcome client side rather than server side.

jakehallas
  • 2,456
  • 1
  • 18
  • 26
0

Instead of

<a class="btn" href="../index.php">Log Out</a>

Just use a page called logout.php with a redirect

<?php ob_start();
    //Logs the user out
    session_start();
    unset($_SESSION['user_id']);
    session_destroy();

    header("Location: index.php");
    exit;
?>
Ross Keddy
  • 141
  • 2
  • 8
-1

Where is your logout function ? Did you try to destroy the session specifically in the logout function ? Try it and tell me the result.

user3808300
  • 23
  • 4