How to Disable the Back Browser Button After User Press Logout and Destroy Session

  • Home
  • Languages
  • PHP
  • How to Disable the Back Browser Button After User Press Logout and Destroy Session

Prevent back button after logout

Implement this in PHP and not javascript.

At the top of each page, check to see if the user is logged in. If not, they should be redirected to a login page:

<?php 
      if(!isset($_SESSION['logged_in'])) : 
      header("Location: login.php");  
?>

As you mentioned, on logout, simply unset the logged_in session variable, and destroy the session:

<?php
      unset($_SESSION['logged_in']);  
      session_destroy();  
?>

If the user clicks back now, no logged_in session variable will be available, and the page will not load.

How to Disable Browser Back Button functionality after click on Logout Button in PHP

At last I solved my problem ..... :-)
I use this following code in

logout.php

<html>
<head>
    <script type = "text/javascript" >
    window.history.forward();
    function preventBack() { window.history.forward(1); }
    setTimeout("preventBack()", 0);
    window.onunload = function () { null };
</script>

</head>
<body onload="preventBack();" onpageshow="if (event.persisted) preventBack();" onunload="">
Please Wait..
<?php

session_start(); # NOTE THE SESSION START
$expire=time()-60*60*24*30; //1month
if(isset($_COOKIE['User_id'])){
    setcookie('User_id', '', $expire);
}
unset($_SESSION['UID']);
unset($_SESSION['USER']);
unset($_SESSION['URights']);
unset($_SESSION['UReg']);
$_SESSION = array();
foreach(array_keys($_SESSION) as $k) unset($_SESSION[$k]);
session_unset();
session_destroy();

header("Refresh: 2;url=../index.php");
?>
</body>
</html>

Now it's avoid me to use browser back button after logout and destroy the session.
Thank you all for yours valuable support...

Codeigniter pressing logout button and disable the back browser button

I tired to implement this option but it doesn't works well. So i implement new logic on this.

Simply check is session is set in every main methods. Below code help you

In logout(define in controller)

function __construct()
{
    parent::__construct();
    ob_start(); # add this
}

public function logout()
{
    $this->load->driver('cache');
    $this->session->sess_destroy();
    $this->cache->clean();
    ob_clean();
    redirect('home'); # Login form or some other page         
}

In dashboard(Function)

public function home()
{
    $logged_in = $this->session->userdata('logged_in');
    if($logged_in != TRUE || empty($logged_in))
    {
        #user not logged in
        $this->session->set_flashdata('error', 'Session has Expired');
        redirect('user_logging'); # Login view
    }
    else
    {
        #user Logged in
        $this->load->view("viewname",$data);
    }
}

In Login(function) 

$session = array(
    'username'  => $name,
    'logged_in' => TRUE
);

$this->session->set_userdata($session);

How can I disable the back browser button after user press logout and destroy session?

login.php page : 

<?php 
    if (isset($_POST['uname'], $_POST['pwd'], $_POST['type'])) {
        $Username = $_POST['uname'];
        $Password = $_POST['pwd'];
        $User_Type=$_POST['type'];
        if (!(empty($Username) || empty($Password) || empty($User_Type))) 
        {
             $model = new UsersModel();
             $rowsCount = $model->checkUser($Username,$Password,$User_Type);
             if ($rowsCount!=0)
             {
                  $_SESSION['user'] = $Username;
                  header("Location:LoginViewController.php");

             } else {
                  echo 'Bad user';
             }
        } else {
             echo 'Please, fill all inputs';
        }
    } else {
        echo 'Bad form sent';
    }
?>
<form name="f1" method="POST" action="" >
    // inputs
</form>

LoginViewController.php :

<?php
header("Cache-Control: no-store, no-cache, must-revalidate, max-age=0");
header("Expires: Sat, 26 Jul 1997 05:00:00 GMT");

if (!isset($_SESSION['user'])) {
    header('Location: login.php');
    exit();
}
echo 'You have successfully logged as '.$_SESSION['user']
?>

And add the headers to force the browser to revalidate the pages :

logout.php : 

<?php 
session_start();
session_destroy();
$_SESSION = array();
header("location: login.php");
?>

How to prevent back button going to secured page when already logout in node JS

This is probably your browser caching data.
You should set your server to respond with the header Cache-Control: no-store, no-cache
If you want to go a step further you can use the nocache middleware created by the same team that has created helmet

Disable browser 'Back' button after logout?

Finally found the solution:

from django.views.decorators.cache import cache_control

@cache_control(no_cache=True, must_revalidate=True)
def func()
  #some code
  return

This will force the browser to make request to server.


Related Topics

Difference Between Directoryiterator and Filesystemiterator

What's the Difference Between Post and Raw Post in PHP at All

Newline Not Working in PHP Mail

How to Make a Chat Room Script with PHP

How to Automatically Read in Calculated Values with PHPexcel

Get User Data Using Access Token in Laravel Passport Client App

PHP Regex for Human Names

Get First Element in PHP Stdobject

How to Access Elements in an Array Returned from a Function

Having Trouble Writing to a File with PHP on Ubuntu

Calculate the Difference Between 2 Timestamps in PHP

Getting Hour and Minute in PHP

Built in Support for Sets in PHP

Why Is MySQLi_Insert_Id() Always Returning 0

Get Service Container from Entity in Symfony 2.1 (Doctrine)

Random Float Number Between 0 and 1.0 PHP

Expression Is Not Allowed as Field Default Value

PHP - Display a 404 Error Without Redirecting to Another Page


Leave a reply



Submit