Reputation: 51
I am using CodeIgniter.
After I log on to the member's page and click logout, I can still view the member's page when I click the BACK button.
Question: Does anyone know how to make it so that once the user has logged out, they cannot access the member's page even by clicking the BACK button?
Please see my code below.
Thanks.
class Site extends CI_Controller{
    function index()
    {
        if(!isset($this->session->userdata['is_loggged_in']))
            $this->login();
        else
            $this->_template();
    }
    function login()
    {
        $data['main_content'] = 'login_form';
        $data['page_title'] = 'Login - php';
        $this->load->view('include/template' , $data);
    }
    function validate()
    {
        $this->load->library('form_validation');
        $this->form_validation->set_rules('username' , 'Username' , 'trim|required' );
        $this->form_validation->set_rules('password' , 'Password' , 'trim|required' );
        if($this->form_validation->run() == FALSE)
        {
            $this->login();
        }
        else
        {
            $this->load->model('member_model' , 'member');
            $query = $this->member->checklogin();
            //login successful , make sure no duplicate entry during registration
            if($query->num_rows() == 1)
            {
                $data = array(
                    'is_loggged_in' => TRUE ,
                    'username' => $this->input->post('username'),
                );
                $this->session->set_userdata($data);
                $this->_template();
            }
            else
            {
                $data = array(
                    'main_content' => 'login_form' ,
                    'page_title' => 'Error login' ,
                    'page_error' => 'Invalid Username or password. '
                );
                $this->load->view('include/template' , $data);
            }
        }
    }
    function _template()
    {
        $data = array(
            'main_content' => 'include/default_inc',
            'page_title' => 'Welcome home ran'
        );
        $this->load->view('include/template' , $data);
    }
    function logout()
    {
        $this->session->sess_destroy();
        redirect('site/login');
        exit;
    }
}
/* end of controller site */
Upvotes: 1
Views: 2527
Reputation: 61
This is the logic:
If you disable the cache in every controller, it will work, but it is stupid. Maybe it will slow down your page loads, or even affect your SEO.
So the solution is to always check the user's status on every page: if the user is logged in, disable the cache; otherwise do nothing.
This is a sample of the code that I put in every function:
if ($this->session->userdata('logged_in')){
    $this->output->set_header('Expires: Sat, 26 Jul 1997 05:00:00 GMT');
    $this->output->set_header('Cache-Control: no-cache, no-store, must-revalidate, max-age=0');
    $this->output->set_header('Cache-Control: post-check=0, pre-check=0', FALSE);
    $this->output->set_header('Pragma: no-cache');
}
No need to put an else statement after that; just put the rest of your code.
So once the user is logged in and browsing your site, there is no cache being stored. Try to log out and hit the back button. I bet it works.
Upvotes: 2
Reputation: 10996
Basically, your browser goes back a page and simply reproduces the HTML it received that time. There are many ways to solve this, and I promise you can easily find them through a little searching.
One simple way to prevent this would be to run an ajax call upon page load that checks if you're logged in, and updates the page if that's not the case. And ajax will always be run, even when using Back.
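controllers/check_login.php
<?php
class Check_login extends CI_Controller {
    function index()
    {
        // TRUE when there is no logged-in session, i.e. the client has to log in again
        $need_login = ! (bool) $this->session->userdata('is_loggged_in');
        $this->output->set_content_type('application/json');
        // An error status makes jQuery fire the global ajaxError handler
        if ($need_login)
            $this->output->set_status_header('500');
        $arr_json = array(
            'need_login' => $need_login,
            // Text shown by confirm() in the handler below
            'message' => 'You have been logged out. Reload the page?'
        );
        // Send the body through the Output class so the headers set above are applied
        $this->output->set_output(json_encode($arr_json));
    }
}
jQuery javascript
$(function() {
    // Runs for every failed ajax call, including the login check below
    $(document).ajaxError(function(event, jqXHR) {
        var data = jqXHR.responseJSON;
        if (data && data.need_login)
            if (confirm(data.message))
                window.location = window.location.href;
    });
    // Ask the server on every page load whether the session is still valid
    $.get('/check_login');
});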
Note! This approach can also give you an easy way to handle dead ajax calls through clever use of $this->input->is_ajax_request() and the 'need_login' value.
Upvotes: 1
Reputation: 2827
From your code, you are logged out, yet the HTML page is cached by the browser; therefore such a problem occurs. I am providing a well-tested solution. Put the following code somewhere in your helper (let's say my_helper.php).
function no_cache()
{
    header("Expires: Mon, 26 Jul 1990 05:00:00 GMT");
    header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");
    header("Cache-Control: no-store, no-cache, must-revalidate");
    header("Cache-Control: post-check=0, pre-check=0", false);
    header("Pragma: no-cache");
}
Load the helper and call the no_cache function within the constructor of your controller:
public function __construct()
{
    parent::__construct();
    $this->load->helper('my_helper');
    no_cache();
}
Upvotes: 1
Reputation: 1447
Assuming that your session is successfully getting destroyed but the previous page is still being accessed (from the browser's history), you can solve this by using this code in every controller's constructor. I would suggest extending the core Output library.
$this->output->set_header('Expires: Sat, 26 Jul 1997 05:00:00 GMT');
$this->output->set_header('Cache-Control: no-cache, no-store, must-revalidate, max-age=0');
$this->output->set_header('Cache-Control: post-check=0, pre-check=0', FALSE);
$this->output->set_header('Pragma: no-cache');
Upvotes: 2
Reputation: 99
Instead of checking the session in the index function, try checking it in the constructor:
function __construct()
{
    parent::__construct();
    $session = $this->session->userdata('is_loggged_in');
    if ( !$session) {
        $this->login();
    }else{
        $this->_template();
    }
}
Upvotes: 1
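The answers above describe two separate measures, a session check in the constructor and no-cache headers on member pages; the base controller below combines them so the server refuses the request and the browser keeps no copy to show on Back. It is an added example, not code from any of the answers: the file location application/core/MY_Controller.php and the 401 JSON reply for ajax callers are assumptions, while the is_loggged_in key and the site/login route are taken from the question.

```php
<?php
// application/core/MY_Controller.php (assumed location; CodeIgniter loads this file automatically)
defined('BASEPATH') OR exit('No direct script access allowed');

/**
 * Base class for controllers that serve member-only pages.
 * Every action of a subclass passes through the constructor first.
 */
class MY_Controller extends CI_Controller
{
    public function __construct()
    {
        parent::__construct();
        $this->load->library('session');
        $this->load->helper('url');

        // 1. Server-side gate. This is what actually protects the page:
        //    after sess_destroy() the flag is gone and the request is refused.
        if ( ! $this->session->userdata('is_loggged_in'))
        {
            if ($this->input->is_ajax_request())
            {
                // Ajax callers get a status code and JSON instead of a login form
                $this->output->set_status_header(401);
                $this->output->set_content_type('application/json');
                $this->output->set_output(json_encode(array('need_login' => TRUE)));
                $this->output->_display();
                exit;
            }
            redirect('site/login'); // sends the Location header and exits
        }

        // 2. Cache policy. Only responses for logged-in users are marked
        //    non-storable, so the Back button has no saved copy to replay
        //    and public pages stay cacheable.
        $this->output->set_header('Cache-Control: no-cache, no-store, must-revalidate, max-age=0');
        $this->output->set_header('Pragma: no-cache');
        $this->output->set_header('Expires: Sat, 26 Jul 1997 05:00:00 GMT');
    }
}
```

Controllers that serve member pages extend MY_Controller; the controller that holds login, validate and logout keeps extending CI_Controller so the redirect to site/login cannot loop.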