PHP Logout And Session Issues

Question

Hers is my logout script on logout.php:

unset($_SESSION['user']['id']);
        session_unset();
        session_destroy();
        echo '<script type="text/javascript">window.location="login.php"</script>';

My problem is after logout when I click on browser back button I got redirect back to index.php page. The index.php shown for a while and after that it get redirected to login.php. I don't understand why it redirect to back to index.php page. I don't want to show any page / content to a user even for a second after it gets logged out.

Answer 1

check condition on every page after login

 if(!isset($_SESSION['user'] && !isset($_SESSION['user']['id'])){ 
    header('location:login.php') ;
 }

Answer 2

try to use.

 header ("Location: login.php");

Answer 3

No need of unset($_SESSION['user']['id']); and session_unset();. session_destroy() will do it all. Try with -

session_destroy();
header('location:logout.php');
exit;

Answer 4

Well, your user is going to have to load that page with the javascript, and the javascript is doing the redirection. What you want is to issue a header in PHP to force the redirect immediately. However if you've already put a header out, you can't do it again, so you need to include another PHP file with the output you want to display, and then die(). Doing it through Javascript there will always be a pageload before the window.location() call takes effect, and many people with popup blockers might not even follow the javascript redirect properly.