• 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Problem with browser back button

#1
[eluser]joe_h[/eluser]
Hi guys, I have doubts CI sessions. The issue is I want to do an authentication system with CI but I happen the following:

From a form in ExtJS I call the login controller function
Code:
url     : BASE_PATH+'index.php/login/validar',

The method is this: Verify that the user is in the database

Code:
public function validar()
    {
        if($this->usuario_model->verificar($this->input->post('user'), $this->input->post('pass'))){
            $this->json->GenerarRespJSON();
        }else{
            $this->json->setReason('Usuario o contraseña incorrecto');
            $this->json->GenerarMensajeJSONText();
        }
    }

If is TRUE I call the method to start the application that contain the logout

Code:
BASE_PATH+'index.php/login/iniciar/'+user

the start method is defined as follows:
Code:
public function iniciar($user)
    {
        $newdata = array(
            'username'  => '$user',
            'logged_in' => TRUE
        );
        $this->session->set_userdata($newdata);

        $this->load->view('evento');
        ........ more call views.......
        $this->load->view('index_aplication');
    }

The logout calls this method:
Code:
public function cerrar()
    {
        $this->session->sess_destroy();
        $this->load->view('inicio');
    }

This generates a row in the database that inserts well

"3b60ba810e126ef97b5bc7f76aae5759";"127.0.0.1";"Mozilla/5.0 (Windows NT 5.1; rv:11.0) Gecko/20100101 Firefox/11.0";1334602031;"a:3:{s:9:"user_data";s:0:"";s:8:"username";s:5:"$user";s:9:"logged_in";b:1;}"

Then close the application

But when we press the back button of the browser displays the application

What happen??

Please help me!

#2
[eluser]CroNiX[/eluser]
It doesn't have anything to do with CI, or sessions, but is a browser caching issue. Google "prevent viewing authenticated content after logout" for a million answers to this very common HTML/Browser problem.

#3
[eluser]joe_h[/eluser]
So no solution?, There must be a way around not return to the application

With native php sessions can be solved very easily by checking that a variable is in the session

#4
[eluser]Iciclefeet[/eluser]
Your function that accept the post should set the session. And the user Page should check to see if the session is set before showing the views.
Then all you haft to do is enable add CSRF in your firm to prevent resending of post data. You can do this manually or by using form_open() ; and enabling CSRF in the configuration file.

#5
[eluser]joe_h[/eluser]
I can do this because I when enable CRSF in the config file I can´t not send values from my login form to the controller login.

#6
[eluser]skunkbad[/eluser]
[quote author="CroNiX" date="1334607212"]It doesn't have anything to do with CI, or sessions, but is a browser caching issue. Google "prevent viewing authenticated content after logout" for a million answers to this very common HTML/Browser problem.[/quote]

Is it just me, or are you amazed at the OP's response? Too funny! Damn, we need less kindergarteners in here.

#7
[eluser]joe_h[/eluser]
Sorry man, my english is very bad....


Digg   Delicious   Reddit   Facebook   Twitter   StumbleUpon  


  Theme © 2014 iAndrew  
Powered By MyBB, © 2002-2021 MyBB Group.