
How can I not allow a user to go back after logout in PHP?

Tags: php

I just wrote a PHP login script, and what I'm trying to accomplish is that when the user clicks the log out link, after they log out, regardless of clicking the back button of the browser, they cannot access the page.

Here is the logout function:

//Start the Session
session_start();
session_destroy();

header("location:login.php");
exit();

I did place the following code on all the pages, and this does not seem to do the job:

header ("Expires: Mon, 26 Jul 1997 05:00:00 GMT");    // Date in the past
header ("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");
header ("Cache-Control: no-cache, must-revalidate");  // HTTP/1.1
header ("Pragma: no-cache");

//Start the Session
session_start();

Any suggestions?

Ole Media asked Jun 23 '09 22:06




2 Answers

You can't control the workings of the client-side back button on the server. You could destroy the history data using JavaScript on the client.

The client can completely ignore the no-cache headers.

jmucchiello answered Sep 17 '22 18:09


Check when the user is logged out if the session global is still set with the correct value.

print_r($_SESSION);

The reason for this is that you are doing a session_destroy and then a header redirect; what happens is that you force a redirect and the destroying of the session isn't written to the server that way.

Ólafur Waage answered Sep 20 '22 18:09