[eluser]rkitkonsult[/eluser]
Hi, I'll hope someone can take their time and help me with this!
My problem:
I have a public page and a member page of a homepage. Login is required to reach the member page. When a login is successful I'll try to start a session and set a parameter in the session. In the member page I check if the session parameter is set and in that case show the page. If the session parameter is not set I redirect them to the public page. When clicking logout button I destroy the session and redirect to public page. Still, after I made a logout, and being in the public page, I can click "back" in the broswer and it will show the private page. How come?
Example of code, just the parts involving the sessions...
//Login controller
class Login extends Controller {
function Login() {
parent::Controller();
...
$this->load->library('session');
}
function index() {
...
if(approved login) {
$row = $query->row();
$user_id_from_authentication = $row->UserID;
$this->session->set_userdata('userid', $user_id_from_authentication);
redirect('/memberpage/');
}
else {
redirect('');
}
}
}
//Logout controller
class Logout extends Controller {
function Logout() {
parent::Controller();
...
$this->load->library('session');
}
function index() {
$this->session->sess_destroy();
redirect('');
}
}
//Member page
class Memberpage extends Controller {
function Memberpage() {
parent::Controller();
...
$this->load->library('session');
}
function index() {
if($this->session->userdata('userid') == TRUE) {
...load view...
}
else {
redirect('');
}
}
}
Shouldnt the session be destroyed when logout and therefore when clicking "back" in browser and Memberpage controller runs again the session->userdata('userid') be unset?
Please help!