[eluser]Andy Ingham[/eluser]
Hi All,
I have a problem whereby a deleted session is reappearing after a redirect (to a completely different domain) has taken place.
I'm using CI sessions, stored on a database. After inserting numerous debug statements I've identified problem as follows:
1. When user logs out it's calling following controller function:
Code:
function index() {
$this->User_m->logout();
redirect('/login');
}
...the User_m model function being as follows:
Code:
function logout() {
$this->user_id = $this->displayname = $this->shipZone = $this->fullname = $this->telephone = $this->username
= $this->address_line_1 = $this->address_line_2 = $this->city = $this->county = $this->postcode
= $this->country = $this->distributor_id = $this->level = '';
$this->session->userdata = array();
$this->session->sess_destroy();
return;
}
2. The above code is working fine and the user is redirected to the main 'login' controller. This also works fine, but there is some processing in the login processing which identifies that the the user actually needs to login using a 'master' system, and does a redirect to this (which is on a completely different domain).
3. The redirect itself works fine, but I've noticed that when the redirect executes the previous session details details 'reappear' (albeit under a different session id).
4. This is a security problem as the user can then type in the URL of the home page and can get straight back into the system without having to login again.
Absolutely baffled by this and any help much appreciated.
Andy
