hi all,
i had a problem with logout.Even after clicking on logout,if we press back button i am able to see the details. i am destroing the sessions also. so can any one help me....
Thank u.

<?php
       ob_start();
       @session_start();
       require_once ("check.php");
      session_destroy();
      echo "<strong style='color:#FF3333'>"."<left><h1>Successfully logged out.</h1></left>"."</strong>";
      ?>
      <html>
      <link rel="stylesheet" type="text/css" href="style.css"/> 
      <body>
      <table><tr><td><a href="login.php"><h1>Login Again ?</h1></a></td></tr></table></body></html>

Hi,

If you are just pressing the "back" button after logging out you will see the page visited previously - as cached by the browser. Try going back to that page and then hitting "reload" or "refresh".

Post back if you're still having problems and we'll look at sessions/cookies :)

thanks for ur response.
I had done wat u said. now it is not showing any details but it is showing(i had a table) the table column names like userid,username,... i need not to display those also.wen we click on back button it should go to the login page only like gmail and yahoo mail do..

It may be useful if you post the content of "check.php". but it should read somethng like this:

<?php 

// valid user check

session_start();
if ($_SESSION['thisUser'] != "validUser")
{
    header("Location: login.php")
}
?>

requiring this at the very top of you php pages (before any other content except the opening "<?php") will in effect secure those pages. Assuming of course that the login page includes this code:

session_start();
$_SESSION == "validUser";

Using this code, if you were to log in, visit a page, log out and go back and refresh that page you will be automatically redirected to login.php.

Let us know how you get on

eugh forgot the semi-colon after header("Location: login.php")...

---check.php---

<?php
function createsessions($username,$password,$userid,$projectid,$projectname,$filename,$size,$allocatedmemory,$answer,$usedmemory,$Remainingmemory,$result,$data3)
{
    session_register();
    $_SESSION["username"] = $username;
    $_SESSION["password"] = $password;
    $_SESSION["userid"] = $userid;
    $_SESSION["projectid"] = $projectid;
    $_SESSION["projectname"] = $projectname; 
     $_SESSION["filename"] = $filename; 
     $_SESSION["size"] = $size; 
     $_SESSION["allocatedmemory"] = $allocatedmemory; 
    $_SESSION["answer"] = $answer; 
    $_SESSION["usedmemory"] = $usedmemory;    
    $_SESSION["Remainingmemory"] = $Remainingmemory;
     $_SESSION["result"] = $result;
     $_SESSION["data3"] = $data3; 
                                      
}
 
?>

Basically your login is secured exclusively with sessions, so calling session_destroy(); will effectively log the user out.

Let me just confirm the problem you are still having: reloading a user-area page after logging out results in some of the content still showing?

You need to include in your code a user check (as I suggested above) to go at the very top of your PHP file - before calling session_start(); or echoing anything.

So when the page is requested it will check the server for a valid session BEFORE sending any content. As long as you perform this check before outputting anything (i.e. echo/print etc) you can then use header("Location: login.php"); to automatically direct the user to the login page.

This way, if a user isn't logged in he won't be able to load a secured page (no matter what), he will always be redirected :)

I'll keep my eye on this thread and feel free to PM me if you want :)

Just use this

<? 
session_start();
session_destroy();
?>

name it logout.php and link your logout button

Don't forget to add the redirect:

Complete code for logout page (assuming session is the only validation):

<?php
session_start();
session_destroy();

header("Location: index.php");
?>

Now when the user clicks a link to logout.php they will be logged out and automatically taken to index.php.

in adition to checking the valid user session vairbale u should do this as a logout precashionairy:

$_SESSION = array();
session_unset();
session_destroy();
if (isset($_COOKIE[session_name()])) {
    setcookie(session_name(), '', time()-55, '/');
}

dont change anything, but u can change the -55 to another negatiove number only a negative number

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.