How can I disable the back browser button after user press logout and destroy session?

I am having trouble with session_destroy().

When the User press Log out it have to destroy the session. I wrote the following code:

Logout.php

<?php
    session_start();
    session_destroy();
    header("location: LoginViewController.php");
?>

JavaScript
​x
 
<?php    session_start();    session_destroy();    header("location: LoginViewController.php");?>​

After pressing log out, when I press the browser back button it is showing my previous Logined user page and session username in Login.php page

Login.php

<?php
    session_start();
    $_SESSION['user']=  $_GET['username'];
    echo '"<div style="background:white; text-align:right"> Login as:'.$_SESSION['user'].'</div>"';
    echo '<a href="Logout.php" style="text-align:right">Logout</a>';

JavaScript
 
<?php    session_start();    $_SESSION['user']=  $_GET['username'];    echo '"<div style="background:white; text-align:right"> Login as:'.$_SESSION['user'].'</div>"';    echo '<a href="Logout.php" style="text-align:right">Logout</a>';​

LoginViewController.php

<?php
    header("Cache-Control: no-store, no-cache, must-revalidate, max-age=0");
    header("Expires: Sat, 26 Jul 1997 05:00:00 GMT");

    $Username = $_POST['uname'];
    $Password = $_POST['pwd'];
    $User_Type=$_POST['type'];

    If (!(empty($Username) && empty($Password) && empty($User_Type))){
        $model = new UsersModel();
        $rowsCount = $model->checkUser($Username,$Password,$User_Type);

        if ($rowsCount!=0){
            header("location:login.php?username=".$_POST['uname']."");  
        } else {
            echo '<script type="text/javascript">alert("Enter username and password correctly");
            window.location.href="LoginViewController.php";</script>';
        }
    }

JavaScript
 
<?php    header("Cache-Control: no-store, no-cache, must-revalidate, max-age=0");    header("Expires: Sat, 26 Jul 1997 05:00:00 GMT");​    $Username = $_POST['uname'];    $Password = $_POST['pwd'];    $User_Type=$_POST['type'];​    If (!(empty($Username) && empty($Password) && empty($User_Type))){        $model = new UsersModel();        $rowsCount = $model->checkUser($Username,$Password,$User_Type);​        if ($rowsCount!=0){            header("location:login.php?username=".$_POST['uname']."");          } else {            echo '<script type="text/javascript">alert("Enter username and password correctly");            window.location.href="LoginViewController.php";</script>';        }    }​

I don’t know why it is working like that.

Please help me to find out where I commit mistake.

I want to disable that browser back button after logout.

Answer

<?php 
    if (isset($_POST['uname'], $_POST['pwd'], $_POST['type'])) {
        $Username = $_POST['uname'];
        $Password = $_POST['pwd'];
        $User_Type=$_POST['type'];
        if (!(empty($Username) || empty($Password) || empty($User_Type))) 
        {
             $model = new UsersModel();
             $rowsCount = $model->checkUser($Username,$Password,$User_Type);
             if ($rowsCount!=0)
             {
                  $_SESSION['user'] = $Username;
                  header("Location:LoginViewController.php");

             } else {
                  echo 'Bad user';
             }
        } else {
             echo 'Please, fill all inputs';
        }
    } else {
        echo 'Bad form sent';
    }
?>
<form name="f1" method="POST" action="" >
    // inputs
</form>

JavaScript
 
<?php     if (isset($_POST['uname'], $_POST['pwd'], $_POST['type'])) {        $Username = $_POST['uname'];        $Password = $_POST['pwd'];        $User_Type=$_POST['type'];        if (!(empty($Username) || empty($Password) || empty($User_Type)))         {             $model = new UsersModel();             $rowsCount = $model->checkUser($Username,$Password,$User_Type);             if ($rowsCount!=0)             {                  $_SESSION['user'] = $Username;                  header("Location:LoginViewController.php");​             } else {                  echo 'Bad user';             }        } else {             echo 'Please, fill all inputs';        }    } else {        echo 'Bad form sent';    }?><form name="f1" method="POST" action="" >    // inputs</form>​

LoginViewController.php :

<?php
header("Cache-Control: no-store, no-cache, must-revalidate, max-age=0");
header("Expires: Sat, 26 Jul 1997 05:00:00 GMT");

if (!isset($_SESSION['user'])) {
    header('Location: login.php');
    exit();
}
echo 'You have successfully logged as '.$_SESSION['user']
?>

JavaScript
 
<?phpheader("Cache-Control: no-store, no-cache, must-revalidate, max-age=0");header("Expires: Sat, 26 Jul 1997 05:00:00 GMT");​if (!isset($_SESSION['user'])) {    header('Location: login.php');    exit();}echo 'You have successfully logged as '.$_SESSION['user']?>​

And add the headers to force the browser to revalidate the pages :

logout.php :

<?php 
session_start();
session_destroy();
$_SESSION = array();
header("location: login.php");
?>

JavaScript
 
<?php session_start();session_destroy();$_SESSION = array();header("location: login.php");?>​

Advertisement

Answer