CODEWITHSUNDEEP
php
user3685445
user3685445

Reputation:

logout.php is not working second time

I have one problem with my logout.php . Problem is second time logout. For example, a user has two accounts on my website. User loged in with the first account and then he click loged out it is ok. But when he logged in with the second account then he click loged out logout.php does not work. Can you help me here please..

Here is my session.php

<?php
$session_uid=$_SESSION['uid']; 
// Session Private
if(!empty($session_uid))
{
$uid=$session_uid;
$login='1';
}
else if($_GET['username'] || $_GET['msgID'])
{
$uid=$Wall->User_ID($username);
$login='0';
}
else
{
$url=$base_url.'index.php';
header("location:$url");
}

?>

And here is Login.php code:

<?php
ob_start("");
error_reporting(0);
include_once 'includes/db.php';
include_once 'includes/User.php';
session_start();
$session_uid=$_SESSION['uid']; 
if(!empty($session_uid))
{
header("location:main.php");
}

$User = new User();

//Login
$login_error='';
if($_POST['user'] && $_POST['passcode'] )
{
$username=$_POST['user'];
$password=$_POST['passcode'];
if (strlen($username)>0 && strlen($password)>0)
{
$login=$User->User_Login($username,$password);

if($login)
{
$_SESSION['uid']=$login;
header("Location:main.php");
}
else
{
$login_error="<span class='error'>Wrong password or username!</span>";
}
}
}

//Registration
$reg_error='';
if($_POST['email'] && $_POST['username'] && $_POST['password'] )
{
$email=$_POST['email'];
$username=$_POST['username'];
$password=$_POST['password'];

if (strlen($username)>0 && strlen($password)>0 && strlen($email) )
{
$reg=$User->User_Registration($username,$password,$email);

if($reg)
{
$_SESSION['uid']=$reg;
header("Location:main.php");
}
else
{
$reg_error="<span class='registererror'>Username or Email is already exists.</span>";
}    
}
}
?>

And logout.php code:

<?php
error_reporting(0);
session_start();
$_SESSION['uid']=''; 
if(session_destroy())
{
$url=$base_url.'index.php'; 
//header("Location: $url");
echo "<script>window.location='$url'</script>";
}

?>

Upvotes: 0

Views: 148

Answers (1)

developerwjk
developerwjk

Reputation: 8659

Because you decided to do echo "<script>window.location='$url'</script>"; instead of header("Location: $url"); your logout.php is being cached in the browser. So on the second click, its not even hitting the server.

You should do the redirect on the server-side, not in Javascript. If (1) you don't print anything, (2) you only return the location header, (3) you do the redirect regardless of whether session_destroy() returns true or false, then the browser should not cache this page, and you should not have this problem.

Of course the page being redirected to could also have been cached, so set no-cache headers on pages that should be protected by the login so that a cached version will not be displayed by the browser when the user is logged out.

Upvotes: 1

Related Questions