Reputation: 1613
I am working on login functionality....
Now I have the problem... like this
1) After the user presses Log-out..
2) If the user clicks the browser back button.. the user can see his/her previous logged-in pages...
How can I restrict.. the user from going back after log-out...
Everything works fine except this... Help me to fix this..
Here is LoginViewController.php
<?php
session_start();
header("Cache-Control: private, must-revalidate, max-age=0");
header("Pragma: no-cache");
header("Expires: Fri, 4 Jun 2010 12:00:00 GMT");
include('GenericClasses/GenericCollectionClass.php');
include('Models/UsersModel.php');
include('DataObjects/Users.php');
include('DatabaseAccess/DBHandler.php');
if(!empty($_SESSION['user']))
{
header("Location:loggedin.php");
die();
}
else
{
?>
//Html code for LoginIndexpage
<?php
}
?>
Here is Login.php
<?php
session_start();
header("Cache-Control: private, must-revalidate, max-age=0");
header("Pragma: no-cache");
header("Expires: Fri, 4 Jun 2010 12:00:00 GMT");
include('GenericClasses/GenericCollectionClass.php');
include('Models/UsersModel.php');
include('DataObjects/Users.php');
include('DatabaseAccess/DBHandler.php');
if(!isset($_SESSION['user']))
{
header('Location: LoginViewController.php');
exit();
}
// Escape the user name before writing it into the HTML
echo '<div style="background:white; text-align:right"> Login as:'.htmlspecialchars($_SESSION['user'], ENT_QUOTES, 'UTF-8').'
<a href="LogoutViewController.php" style="text-align:right">Logout</a></div>';
?>
Here is Log-out.php
<?php
header("Cache-Control: no-store, no-cache, must-revalidate, max-age=0");
header("Expires: Sat, 26 Jul 1997 05:00:00 GMT");
session_start();
session_destroy();
header("Location: LoginViewController.php");
?>
Any suggestions are acceptable....
Upvotes: 0
Views: 4008
Reputation: 3622
Once the user is logged in you have to set a session like $_SESSION['id'] in inner pages (Dashboard for user), and you have to put a condition on every page, i.e.:
if(!isset($_SESSION['user_id'])){
header("location:login.php");
exit; // stop so the rest of the page is not sent
}
This will check the availability of the session. Remember to unset the session in logout.php
Upvotes: 0
Reputation: 853
I would suggest checking the $_SESSION['user'] in every page that requires authentication. This could be implemented using a common PHP page that you could include in all the pages requiring authentication (which probably will be all except the log-in page). So let's say, for example, create a PHP page called Security.php and inside that page you will have something like the following, which was extracted from your question:
if(!isset($_SESSION['user']))
{
header('Location: LoginViewController.php');
exit();
}
Then in every page requiring user authentication, you could include the Security.php file at the beginning of the code. Something like this:
<?php
include('YOUR PATH/Security.php');
//Rest of your code here
...
?>
This way, it will not matter if the user hits the back button or if he requests the page through the URL input of the browser: if he is not logged in, he will be redirected to the log-in page.
Hope this will help you
Upvotes: 0
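The shared guard described in the answer above, combined with the logout step from the question, as an added example that is not code from any poster in this thread. It assumes the session key 'user' and LoginViewController.php from the question; the function names send_no_store_headers(), require_login() and logout() are hypothetical. The protected pages in the question send "private, must-revalidate", which still lets the browser keep a copy; the guard sends no-store on every protected response instead.

```php
<?php
// Security.php -- added example; include it as the first statement of every protected page.
// Assumptions: session key 'user' and LoginViewController.php are taken from the question;
// the function names below are hypothetical.

function send_no_store_headers(): void
{
    // no-store: the browser must not keep a copy of this response, so there is
    // no stored page to redisplay on Back once the session is gone.
    header('Cache-Control: no-store, no-cache, must-revalidate, max-age=0');
    header('Pragma: no-cache');
    header('Expires: Sat, 26 Jul 1997 05:00:00 GMT');
}

function require_login(): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    send_no_store_headers();
    if (empty($_SESSION['user'])) {
        header('Location: LoginViewController.php');
        exit; // stop here so none of the protected page is rendered
    }
}

function logout(): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    $_SESSION = [];                       // drop the data held in this request
    if (ini_get('session.use_cookies')) { // expire the session cookie in the browser
        $p = session_get_cookie_params();
        setcookie(session_name(), '', time() - 42000,
            $p['path'], $p['domain'], $p['secure'], $p['httponly']);
    }
    session_destroy();                    // delete the server-side session data
    send_no_store_headers();
    header('Location: LoginViewController.php');
    exit;
}
```

A protected page calls require_login() before producing any output, and the logout page calls logout() and nothing else.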
Reputation:
Once the user is logged in, you need to store the user id or mail id in a session variable.
And you have to put a condition on all pages: if the session variable of user id or mail id is set, then the user can access that page; otherwise you have to redirect to the login page.
Upvotes: 1