php user logging out with or without AJAX

Question

My colleague and me are having a hard time trying to solve this problem. We have a special kind of webshop, because we have customers and sub-customers. If the person logged in is a sub-customer, we want to show some extra html on our page. This works, but if a sub-customer logs out, and a normal customer logs in, the extra html is still visible, but we don't understand how this is possible. The problem is also vice versa: if the first logged in is a normal user, then logs out, then a sub-customer logs in, the extra html is not visible.

1. loginck.php

//after the user types his e-mail end password, we check if its a normal user or a sub-user. If normal user then => $_SESSION['multiklant'] = 0; else sub-user then => $_SESSION['multiklant'] = 1; else $_SESSION['multiklant'] = 0; //user not found

2. index.php

if ($_SESSION['multiklant'] == 1) {
   $userid = $_SESSION['userid'];

echo "<div class='col-md-3'>";
echo "<label for='leveradres'>Leveradres*:</label><br/>";
echo "<select id='leveradres' class='form-control'>";
echo "<option value='0'>Selecteer...</option>";

$qry = "SELECT * FROM LEVERADRESSEN WHERE LA_EMAIL = '" . $_SESSION['klemail'] . "'";
$res = mysqli_query($link, $qry);
while ($row = mysqli_fetch_assoc($res)) {
echo "<option value='" . $row['LA_ID'] . "'>" . $row['LA_NAAM'] . "</option>";
}

echo "</select>";
echo "</div>"; 
}

3.1 logout click on index.php

$("#logout").click(function () {
    var lgout = $.get("logout.php");
    lgout.done(function (data) {

        $(".show-2").trigger("click");
        $("#logout").addClass("hidden");

    });
});

3.2 logout.php

<?php
    session_start();

    $_SESSION = array();
    session_unset();
    session_destroy();
    header("Location:index.php");
    exit();
?>

As you can see, we used AJAX here, but even without the problem stays. If possible we would like to keep the AJAX, but if not it can be deleted. Also a combination, where the redirect is not in de php but in the javascript part.

Could this be a caching problem? Because if we reload our browser without cache, it al works.

We are searching the internet, including this site already for 6 hours...

Code tested in Chrome on MAC and Internet Explorer 11 on Windows, gives no difference.

Answer 1

Your logout does a header location with exit. In other words: is the $.get('logout.php') done?

Why do you do a redirect serverside? So full page and scripts will be reloaded! And you're waiting for 'done'. Do this:

• remove the lines with header and exit from logout.php

After the session is destroyed, the page is ready and the .done callback will be executed.

Answer 2

Look at response header after logout and check "cache-control". I think problem in cache.