CODEWITHSUNDEEP
phpcodeigniterauthenticationsessionlogout
cdt
cdt

Reputation: 185

CodeIgniter Log Out Could still access the page after logging out when back button is clicked or typed a shortcut link

Hi Everyone i asking if how i can resolved this kind of problem. the problem is when i clicked the back button after logging out the user can still access the page or by typing the link of the page. i thought if i can destroy the session it will automatically disabled those pages.. 

<?php defined('BASEPATH') OR exit('No direct script access allowed');
  class Auth extends MY_Controller {

   public function index(){

    $this->data['page_title'] = "User Login";
    $this->load->view('templates/master', $this->data);

     }
public function login(){
    $username = $_POST['username'];
    $password = $_POST['password'];
    $data = $this->User_model->login ($username, $password);
    if($data){  
    $this->session->set_userdata('users', $data);
    $session_data = array(
        'username' => $username);
    $this->session->set_userdata($session_data);
    redirect('users');

    }
    else{
        $this->session->set_flashdata
        ('loginfail','<div class="alert alert-danger"><a href="#" class="close" data-dismiss="alert" aria-label="close">&times;</a>
        <strong>Danger !</strong> Invalid Email or Password .</div>');
       return redirect("auth");


    } 
}
public function logout()
{
    $this->session->unset_userdata(array('username','id'));
    $this->session->sess_destroy();
    redirect('auth');

}

}

<a href="<?php echo ('auth/logout')?>" data-toggle="modal" data-target="#logoutModal">
    <i class="fas fa-sign-out-alt fa-sm fa-fw mr-2 text-gray-400"></i>
    Logout
  </a>

My Homepage controller Code

<?php
defined('BASEPATH') OR exit('No direct script access allowed');

class Users extends MY_Controller {

    function __construct() {
        if(empty($this->session->userdata('id'))){
            redirect('auth/logout');
        }
     }
    public function index()
    {
        $this->data['page_title'] = "Users List";

        $this->data['users'] = $this->User_model->get();
        $this->load->view('templates/master', $this->data);
    }

    public function add()
    {   
        $this->data['page_title'] = "Add User";

        $input_data = $this->input->post(); 

        if(!empty($input_data))
        {
            $this->User_model->insert($input_data);
            redirect('/users');
        } else {
            $this->load->view('templates/master', $this->data);
        }

    }



    public function edit($id)
    {
        $this->data['page_title'] = "Edit User";

        $input_data = $this->input->post(); 

        if(!empty($input_data)){
            $this->User_model->update($input_data);
            redirect('/users');
        } else {
            $this->data['users'] = $this->User_model->get($id);
            $this->load->view('templates/master', $this->data);
        }
    }

    public function delete($id)
    {
        $this->User_model->delete($id);
        redirect('/users');
    }
}

My Core Controller Code

<?php
defined('BASEPATH') OR exit('No direct script access allowed');

class MY_Controller extends CI_Controller {

    protected $data;

    public function __construct()
    {
        parent::__construct();

        define('CONTROLLER', $this->router->fetch_class());
        define('METHOD', $this->router->fetch_method());

    }

}

Upvotes: 0

Views: 884

Answers (3)

teenage vampire
teenage vampire

Reputation: 359

logout and login works fine...

but you have to restrict or privilege your functions

example 

public function isLoggedIn() {
        if ($this->session->userdata('uId') == TRUE) {
            return true;
        } else {
            return false;
        }
    }

public function index() {

    $status = $this->session->userdata('uStatus');
    if ($this->isLoggedIn() == TRUE && $status == "1") {

       //your code here

    } else {
        $this->session->set_flashdata('error', 'You have to login first');
        redirect('login');
    }
}

Upvotes: 1

Shubham Azad
Shubham Azad

Reputation: 796

Yes, you must log out of the user session. And you have to check the user session in the constructor of a controller.

Example:

class Users extends MY_Controller {
   function __construct() {
       if(empty($this->session->userdata())){
          redirect('LOGIN_CONTROLLER');
       }
    }
}

Upvotes: 1

Boominathan Elango
Boominathan Elango

Reputation: 1191

You should redirect 

    if(empty($this->session->userdata('id'))){
     redirect('LOGIN_CONTROLLER/METHOD_NAME_HERE');
   }

Upvotes: 0

Related Questions