hi,
here i mention my code its a code to login and logout code when i click on logout than its return on userlogin page but when i press back button of browser its return to previous page.
code here

RM.php

<form action="login.php" method="post">
        <table width="300" align="center" border="1">
            <tr>
                <td colspan="3" align="center"><h2>Login</h2></td>
            </tr>
             <?php
             $msg=$_GET['msg'];
             if(isset($msg))
             {
                    //echo "hello";
                    echo "<tr><td colspan='3'><font color='#FF0000'>" .$msg. "</font></td></tr>";
             }
            ?>
            <tr>
                <td width="80" align="right">Userid</td>
                <td width="10">:</td>
                <td><input type="text" id="txt_userid" name="txt_userid" /></td>
            </tr>
            <tr>
                <td width="80" align="right">Password</td>
                <td width="10">:</td>
                <td><input type="text" id="txt_pass" name="txt_pass" /></td>
            </tr>
            <tr>
                <td width="80"></td>
                <td width="10"></td>
                <td><input type="submit" id="txt_sub" name="txt_sub" value="Login" /></td>
            </tr>

        </table>
    </form>

login.php

<?php 
    session_start();
    if($_POST['txt_userid']=="rm" && $_POST['txt_pass']=="123")
    {
        $_SESSION['username']="rm";
        $_SESSION['pass']="123";
        header("location:welcome.php");
    }
    else
    {
        /*?>
        <script language="javascript">
            alert("Check user name and password");
        </script>
        <?php*/
        header("location:rm.php?msg=Check user name and password");
    }
?>

welcome.php

<?php
    session_start();
    echo $_SESSION['username'];
?> 
<a href="logout.php">Logout</a>

Logout.php

<?php
    session_start();
    session_unset(void);
    header("location:login.php");
?>

anybody suggest me where is the mistake

i want a proper login and logout page.
thanks

I'm guessing you mean you can still hit back on the browser and see welcome.php even though you've logged out? This is a simple matter of checking if session variables have been set at the top of each page that you don't want somebody who isn't logged in to see. You can put something like this at the top of each page:

//Start session
session_start();

//Check whether the session variable has been set 
// and if it is not blank
if(!isset($_SESSION['username']) || (trim($_SESSION['username'])=='')) 
{
        //if session variable username isn't set or it is blank
        //redirect to login page.
	header("location: RM.php");
	exit();
}

Now if you hit back in the browser when you've already logged out, this should redirect you to the RM.php page. And shouldn't your logout.php redirect to RM.php so the user can enter in their login info before it's checked by the login.php script?

Member Avatar for cuonic

Logout.php :

<?php
session_start();
unset($_SESSION['username']);
unset($_SESSION['pass']);
session_destroy();

header("Location: login.php");
exit;
?>

Think before writing session_destroy()
It may lead to destruction of all the sessions....for reference click here....

before using session variables you must assign them null value. after that assign them value :-

$_SESSION="rm";
$_SESSION="123";

And on logout page after destroying session again make their value null.

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.