
Logged out sessions get restored by back button

Developer https://www.devze.com 2023-01-26 12:02 Source: Internet

I am making a login page. When I log out I clear the cookies, but when I press the back button after logging out the session gets restored. How can I avoid the session restore?


This is probably a misunderstanding.

When pressing the back button, you are most likely seeing a cached version of the page in the browser. This does not mean that you are still logged in.

Try refreshing the previous page. It should show the login dialog.

If you want to prevent the page from being shown in this way, here is an approach for turning off the browser's caching.

If you actually remain logged in, then something is wrong. In that case, we need to see some code.


A quick and easy fix for your problem is provided by the session_destroy PHP man page.


From the comments it appears your issue is that when you click Back on your browser, the browser prompts you to re-send POST data. Of course when you do this, you just re-send the login data, thus immediately logging the user back in. The solution to avoiding the annoying browser prompt to resend POST data, and thus also avoid logging the user back in, is to use the "redirect-after-post" pattern.

Have the POST target of your login form be some other page - not your login welcome page or whatever. This target page processes the login info, does authorisation, and then does a redirect to either the welcome page (on success) or back to the login page if failed to authenticate.

This way you will avoid the browser prompt and the user being logged back in. Really all forms should implement this pattern, as it results in a better user experience and avoids pitfalls like the one you have experienced.


Try the code below. The issue of logged-out sessions getting restored by the back button has been resolved.

 header("Cache-Control: no-cache, must-revalidate"); // HTTP/1.1
 header("Expires: Sat, 26 Jul 1997 05:00:00 GMT"); // Date in the past
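
The redirect-after-post login and the cache headers from the answers above, together with the session teardown from the session_destroy manual page, as an added example that is not part of the original posts. The single-file layout, the `?action=` routing and the demo account are assumptions made for illustration, and `no-store` is added so the browser keeps no copy of the authenticated page.

```php
<?php
// Added example: single-file sketch. The ?action= routing and demo account are assumptions.
session_start();

// Constructed demo account; a real application would look the hash up in its user store.
const DEMO_USER = 'alice';
$demoHash = password_hash('correct horse', PASSWORD_DEFAULT);

function redirect(string $to): void {
    header('Location: ' . $to, true, 303); // 303 See Other: the browser follows up with a GET
    exit;
}

$action = $_GET['action'] ?? 'home';

if ($action === 'login' && $_SERVER['REQUEST_METHOD'] === 'POST') {
    // The POST target only authenticates and redirects; it never renders a page,
    // so Back/Refresh on the welcome page has no POST to offer for re-sending.
    $ok = hash_equals(DEMO_USER, (string)($_POST['user'] ?? ''))
        && password_verify((string)($_POST['pass'] ?? ''), $demoHash);
    if ($ok) {
        session_regenerate_id(true); // fresh session id after authentication
        $_SESSION['user'] = DEMO_USER;
    }
    redirect($ok ? '?action=home' : '?action=form');
}
if ($action === 'logout' && $_SERVER['REQUEST_METHOD'] === 'POST') {
    // Server-side teardown, following the session_destroy manual page.
    $_SESSION = [];
    if (ini_get('session.use_cookies')) {
        $p = session_get_cookie_params();
        setcookie(session_name(), '', time() - 42000, $p['path'], $p['domain'], $p['secure'], $p['httponly']);
    }
    session_destroy();
    redirect('?action=form');
}

if ($action === 'home' && isset($_SESSION['user'])) {
    // Authenticated page: tell the browser not to keep a copy for the back button.
    header('Cache-Control: no-store, no-cache, must-revalidate');
    header('Expires: Sat, 26 Jul 1997 05:00:00 GMT');
    echo '<p>Welcome, ' . htmlspecialchars($_SESSION['user']) . '</p>'
       . '<form method="post" action="?action=logout"><button>Log out</button></form>';
    exit;
}

// Everything else (including "home" without a session) gets the login form.
echo '<form method="post" action="?action=login">'
   . '<input name="user"><input name="pass" type="password"><button>Log in</button></form>';
```

After logging out, pressing Back makes the browser re-request the welcome page instead of showing a stored copy, and the server answers with the login form because the session no longer exists.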