sess_destroy
#1

[eluser]Unknown[/eluser]
Hi, I'm fairly new to CodeIgniter (my first framework, actually) and PHP. My problem is how to prevent the user from viewing the previous page if he is logged out. I can see this problem with your forum software. I tried to log out and then hit the browser's back button, and I see the previous page. I use this code in my logout function:
Code:
$this->session->sess_destroy();
redirect('ctrlr/login_func');
but it didn't work. Then I tried to remove the cookies, still didn't work (deleting the cookies then hitting refresh will redirect me to my login page).

I already googled this. Still no luck with their cache-control: no-cache or pragma: no-cache.
What I'm trying to prevent is what if you are using a public PC in a public place, and when you log out, another user will be using the PC and hit the back button. He can see your sensitive information. That's it.

I'm sorry for the title. Couldn't think of a smarter one. Giving a title is the hardest part ;-)
#2

[eluser]Aken[/eluser]
This is a browser cache issue. You should encourage users to close their browsers after logging out if they're on a public computer.

There are a couple "fixes" but they are not universally compatible with all browsers. Here's some more info.
#3

[eluser]InsiteFX[/eluser]
If you want to prevent users from going backwards at all, you need to keep
track of where users are in the page sequence (e.g. SequencePage=1, SequencePage=2, etc.).
You can do that via cookies, or by setting a hidden form field value in each
page, or Session variables, or database tables. You keep a full list of the
pages on the server in an array. That way, when you receive a request, you
can check the user's current positional value. If the user is on page 2 and
requests page 1, for example, you simply do a server or client-side redirect
to the page you *want* them to see. In contrast, if the user is on page 2
and requests page 3, you allow the request to proceed normally. If the value
isn't present, you redirect to the beginning of the sequence.
#4

[eluser]PhilTem[/eluser]
Like @Aken said, it's a browser cache issue. If you don't want browsers to cache your page on every forward/backward AND reload action (the browser will use its cache as long as it's not expired), just add an appropriate HTTP header (keywords pragma as well as cache-control, see Wikipedia) to each page. Then it should get "fixed".

But be careful, since this method might slow down page loads for the user and increase load on your server, since every file has to be submitted again (like css, js, images) if you don't specify their TTL explicitly.
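
The header approach from the last post, combined with a server-side session check, as an added example (not code from any poster in this thread). It assumes CodeIgniter 2.x; the `user_id` session key, the `account` action and its view are hypothetical, and `ctrlr/login_func` is the route from the first post.

```php
<?php
// application/core/MY_Controller.php (loaded automatically by CodeIgniter 2.x)
class MY_Controller extends CI_Controller
{
    public function __construct()
    {
        parent::__construct();
        $this->load->library('session');
        $this->load->helper('url');

        // These headers go out only with PHP-generated pages. CSS, JS and
        // images served directly by the web server keep their own caching.
        $this->output->set_header('Cache-Control: no-store, no-cache, must-revalidate, max-age=0');
        $this->output->set_header('Pragma: no-cache'); // for HTTP/1.0 clients
        $this->output->set_header('Expires: Thu, 01 Jan 1970 00:00:00 GMT');
    }

    // Call at the top of every action that shows private data.
    // Protected, so it cannot be requested through a URL.
    protected function require_login()
    {
        // 'user_id' is an assumed key that the login action stores on success.
        if ( ! $this->session->userdata('user_id')) {
            redirect('ctrlr/login_func');
        }
    }
}

// application/controllers/ctrlr.php
class Ctrlr extends MY_Controller
{
    public function account() // hypothetical private page
    {
        $this->require_login();
        $this->load->view('account');
    }

    public function logout()
    {
        // The session is gone, so any page the browser has to re-request
        // after this point fails require_login() and lands on the login form.
        $this->session->sess_destroy();
        redirect('ctrlr/login_func');
    }
}
```

When the browser honours `no-store`, pressing back after logout triggers a fresh request instead of showing a saved copy, and that request is answered with the redirect to the login page.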