I am having trouble with session_destroy().
When the user presses Log out, it has to destroy the session. I wrote the following code:
Logout.php
<?php
session_start();
session_destroy();
header("location: LoginViewController.php");
?>
After pressing log out, when I press the browser back button it shows my previous logged-in user page and the session username in the Login.php page.
Login.php
<?php
session_start();
$_SESSION['user'] = $_GET['username'];
echo '"<div style="background:white; text-align:right"> Login as:'.$_SESSION['user'].'</div>"';
echo '<a href="Logout.php" style="text-align:right">Logout</a>';
LoginViewController.php
<?php
header("Cache-Control: no-store, no-cache, must-revalidate, max-age=0");
header("Expires: Sat, 26 Jul 1997 05:00:00 GMT");
$Username = $_POST['uname'];
$Password = $_POST['pwd'];
$User_Type = $_POST['type'];
If (!(empty($Username) && empty($Password) && empty($User_Type))){
    $model = new UsersModel();
    $rowsCount = $model->checkUser($Username,$Password,$User_Type);
    if ($rowsCount!=0){
        header("location:login.php?username=".$_POST['uname']."");
    } else {
        echo '<script type="text/javascript">alert("Enter username and password correctly"); window.location.href="LoginViewController.php";</script>';
    }
}
I don’t know why it is working like that.
Please help me find out where I made a mistake.
I want to disable the browser back button after logout.
Answer
login.php page:
<?php
// The session must be started before $_SESSION can be written.
session_start();
// UsersModel must already be loaded (the include is not shown in the post).
if (isset($_POST['uname'], $_POST['pwd'], $_POST['type'])) {
    $Username = $_POST['uname'];
    $Password = $_POST['pwd'];
    $User_Type = $_POST['type'];
    if (!(empty($Username) || empty($Password) || empty($User_Type))) {
        $model = new UsersModel();
        $rowsCount = $model->checkUser($Username,$Password,$User_Type);
        if ($rowsCount!=0) {
            // Set the session only after the credentials were checked.
            $_SESSION['user'] = $Username;
            header("Location:LoginViewController.php");
            exit();
        } else {
            echo 'Bad user';
        }
    } else {
        echo 'Please, fill all inputs';
    }
} else {
    echo 'Bad form sent';
}
?>
<form name="f1" method="POST" action="" >
    <!-- inputs -->
</form>
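LoginViewController.php:
<?php
// Start the session so that $_SESSION['user'] can be read.
session_start();
header("Cache-Control: no-store, no-cache, must-revalidate, max-age=0");
header("Expires: Sat, 26 Jul 1997 05:00:00 GMT");
if (!isset($_SESSION['user'])) {
    header('Location: login.php');
    exit();
}
// Escape the stored name before writing it into the page.
echo 'You have successfully logged as '.htmlspecialchars($_SESSION['user'], ENT_QUOTES, 'UTF-8');
?>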
And add the headers to force the browser to revalidate the pages:
logout.php:
<?php
session_start();
session_destroy();
$_SESSION = array(); // clear the in-memory copy too
header("location: login.php");
exit();
?>
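The login, page guard and logout steps from the answer above, gathered into one include file as an added example that is not part of the original question or answer. The function names login_user, require_login and logout_user are hypothetical; unlike the answer's logout.php, this version also expires the session cookie in the browser and issues a fresh session ID at login.

```php
<?php
// Added example: the helper names are hypothetical, not from the original post.

// Call only after the credentials were verified (e.g. checkUser() returned a match).
function login_user(string $username): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    session_regenerate_id(true);   // new ID so a pre-login ID cannot be reused
    $_SESSION['user'] = $username;
}

// Call at the top of every page that requires a logged-in user.
function require_login(): string
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    // Ask the browser not to keep a copy, so Back after logout causes a new
    // request that reaches the session check below.
    header('Cache-Control: no-store, no-cache, must-revalidate, max-age=0');
    header('Expires: Sat, 26 Jul 1997 05:00:00 GMT');
    if (empty($_SESSION['user'])) {
        header('Location: login.php');
        exit();
    }
    return $_SESSION['user'];
}

// Call from logout.php.
function logout_user(): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    $_SESSION = array();           // drop the data held in this request
    if (ini_get('session.use_cookies')) {
        // Expire the session cookie using the same parameters it was set with.
        $p = session_get_cookie_params();
        setcookie(session_name(), '', time() - 42000,
            $p['path'], $p['domain'], $p['secure'], $p['httponly']);
    }
    session_destroy();             // remove the server-side session data
    header('Location: login.php');
    exit();
}
```

A protected page then starts with `$user = require_login();` and never takes the username from `$_GET`, which is what kept re-creating the session in the question's Login.php.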