Prevent back button after logout
Implement this in PHP and not javascript.
At the top of each page, check to see if the user is logged in. If not, they should be redirected to a login page:
<?php
if(!isset($_SESSION['logged_in'])) :
header("Location: login.php");
?>
As you mentioned, on logout, simply unset the logged_in session variable, and destroy the session:<?php
unset($_SESSION['logged_in']);
session_destroy();
?>
If the user clicks back now, no logged_in session variable will be available, and the page will not load. How to Disable Browser Back Button functionality after click on Logout Button in PHP
At last I solved my problem ..... :-)
I use this following code in
logout.php
<html>
<head>
<script type = "text/javascript" >
window.history.forward();
function preventBack() { window.history.forward(1); }
setTimeout("preventBack()", 0);
window.onunload = function () { null };
</script>
</head>
<body onload="preventBack();" onpageshow="if (event.persisted) preventBack();" onunload="">
Please Wait..
<?php
session_start(); # NOTE THE SESSION START
$expire=time()-60*60*24*30; //1month
if(isset($_COOKIE['User_id'])){
setcookie('User_id', '', $expire);
}
unset($_SESSION['UID']);
unset($_SESSION['USER']);
unset($_SESSION['URights']);
unset($_SESSION['UReg']);
$_SESSION = array();
foreach(array_keys($_SESSION) as $k) unset($_SESSION[$k]);
session_unset();
session_destroy();
header("Refresh: 2;url=../index.php");
?>
</body>
</html>
Now it's avoid me to use browser back button after logout and destroy the session.Thank you all for yours valuable support...
Codeigniter pressing logout button and disable the back browser button
I tired to implement this option but it doesn't works well. So i implement new logic on this.
In logout(define in controller)Simply check is session is set in every main methods. Below code help you
function __construct()
{
parent::__construct();
ob_start(); # add this
}
public function logout()
{
$this->load->driver('cache');
$this->session->sess_destroy();
$this->cache->clean();
ob_clean();
redirect('home'); # Login form or some other page
}
In dashboard(Function)public function home()
{
$logged_in = $this->session->userdata('logged_in');
if($logged_in != TRUE || empty($logged_in))
{
#user not logged in
$this->session->set_flashdata('error', 'Session has Expired');
redirect('user_logging'); # Login view
}
else
{
#user Logged in
$this->load->view("viewname",$data);
}
}
In Login(function) $session = array(
'username' => $name,
'logged_in' => TRUE
);
$this->session->set_userdata($session);
How can I disable the back browser button after user press logout and destroy session?
login.php page :
<?php
if (isset($_POST['uname'], $_POST['pwd'], $_POST['type'])) {
$Username = $_POST['uname'];
$Password = $_POST['pwd'];
$User_Type=$_POST['type'];
if (!(empty($Username) || empty($Password) || empty($User_Type)))
{
$model = new UsersModel();
$rowsCount = $model->checkUser($Username,$Password,$User_Type);
if ($rowsCount!=0)
{
$_SESSION['user'] = $Username;
header("Location:LoginViewController.php");
} else {
echo 'Bad user';
}
} else {
echo 'Please, fill all inputs';
}
} else {
echo 'Bad form sent';
}
?>
<form name="f1" method="POST" action="" >
// inputs
</form>
LoginViewController.php :<?php
header("Cache-Control: no-store, no-cache, must-revalidate, max-age=0");
header("Expires: Sat, 26 Jul 1997 05:00:00 GMT");
if (!isset($_SESSION['user'])) {
header('Location: login.php');
exit();
}
echo 'You have successfully logged as '.$_SESSION['user']
?>
And add the headers to force the browser to revalidate the pages :logout.php :
<?php
session_start();
session_destroy();
$_SESSION = array();
header("location: login.php");
?>
How to prevent back button going to secured page when already logout in node JS
This is probably your browser caching data.
You should set your server to respond with the header Cache-Control: no-store, no-cache
If you want to go a step further you can use the nocache middleware created by the same team that has created helmet
Disable browser 'Back' button after logout?
Finally found the solution:
from django.views.decorators.cache import cache_control
@cache_control(no_cache=True, must_revalidate=True)
def func()
#some code
return
This will force the browser to make request to server.
Related Topics
Difference Between Directoryiterator and Filesystemiterator
What's the Difference Between Post and Raw Post in PHP at All
Newline Not Working in PHP Mail
How to Make a Chat Room Script with PHP
How to Automatically Read in Calculated Values with PHPexcel
Get User Data Using Access Token in Laravel Passport Client App
Get First Element in PHP Stdobject
How to Access Elements in an Array Returned from a Function
Having Trouble Writing to a File with PHP on Ubuntu
Calculate the Difference Between 2 Timestamps in PHP
Getting Hour and Minute in PHP
Built in Support for Sets in PHP
Why Is MySQLi_Insert_Id() Always Returning 0
Get Service Container from Entity in Symfony 2.1 (Doctrine)
Random Float Number Between 0 and 1.0 PHP
Expression Is Not Allowed as Field Default Value
PHP - Display a 404 Error Without Redirecting to Another Page