

Codeigniter session problems


I've created user authentication using an awesome CodeIgniter authentication library, Ion Auth, in my CodeIgniter application. The authentication works fine, but when I log out and click the back button of the browser I can go through all the pages that I've visited in my application, which raises concern over user privacy; but if I try to refresh the page it recognises that I'm logged out. How can I force the browser to reload when a user clicks the back button of the browser? Any suggestion on how to solve this problem will be appreciated.
EDIT
Controller logout function
    function logout() {
        //log the user out
        $logout = $this->ion_auth->logout();
        //redirect them back to the page they came from
        redirect('auth', 'refresh');
    }
This is the logout function from Ion Auth
    public function logout() {
        $this->ci->ion_auth_model->trigger_events('logout');
        $identity = $this->ci->config->item('identity', 'ion_auth');
        $this->ci->session->unset_userdata($identity);
        $this->ci->session->unset_userdata('group');
        $this->ci->session->unset_userdata('id');
        $this->ci->session->unset_userdata('user_id');
        //delete the remember me cookies if they exist
        if (get_cookie('identity')) {
            delete_cookie('identity');
        }
        if (get_cookie('remember_code')) {
            delete_cookie('remember_code');
        }
        $this->ci->session->sess_destroy();
        $this->set_message('logout_successful');
        return TRUE;
    }
I'm using CodeIgniter 2.0.3
Thanks in advance.
Chances are they are in fact logged out (as you say, refreshing causes them to appear logged out). It is likely that the browser has cached the HTML which is displayed indicating they're logged in but doesn't reload it after they're logged out.
You can set the pages which have login-related information on them to not be cached by setting the Cache-Control header.
This can be achieved with HTML:
    <META Http-Equiv="Cache-Control" Content="no-cache">
    <META Http-Equiv="Pragma" Content="no-cache">
    <META Http-Equiv="Expires" Content="0">
Or PHP:
    header("Cache-Control: no-cache, must-revalidate"); // HTTP/1.1
    header("Expires: Sat, 26 Jul 1997 05:00:00 GMT"); // Date in the past
You can also implement the hacky and inadvisable approach of clearing the user's history for that particular window using the following code. This would need to be sent to the browser as part of the logout functionality and would not work if the user has JavaScript disabled.
    <script language="javascript">
    // Step back through this window's history, then load the target page
    var Backlen = history.length;
    history.go(-Backlen);
    window.location.href = "page url"; // placeholder: replace with the URL to load
    </script>
I highly discourage disabling caching, as this will reduce the speed of your app. I had the same problem because of silly coding. What I did was, in my controllers, I put the following code at the top of every function which interacted with the database, used by the users in logged-in states:
    //Do not let anyone interact with database from cached pages!
    if (!$this->tank_auth->is_logged_in()) {
        redirect('/auth/login/');
    }
So that a redirection to the login page happens, which means a refresh as well, if a logged-out user's browser was "backed" to a cached logged-in state and tried to fiddle with the database.
Yes, Ion Auth has this problem; I was facing the same problem in my application. Another problem was that if the session expires on any link, it takes you to the login page. But when you log in and try to access the last link where the session expired, it always takes you back to the login page. To access the page you need to clear your browser cache. Here is the solution I found in the GitHub comments on Ion Auth:
github ion-auth comment link
    function logout() {
        //log the user out
        $logout = $this->ion_auth->logout();
        header("Cache-Control: no-cache, must-revalidate"); // HTTP/1.1
        header("Expires: Wed, 4 Jul 2012 05:00:00 GMT"); // Date in the past
        //redirect them back to the page they came from
        redirect('auth', 'refresh');
    }
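The cache headers from the first answer and the per-request login check from the second can live in one base controller, shown here as an added example that is not code from this thread or from Ion Auth. It assumes CodeIgniter 2's default `MY_` subclass prefix, a login route at `auth/login`, and a hypothetical helper method `_no_store_headers`; it also adds the `no-store` directive, which tells the browser not to keep a copy of the page at all.

```php
<?php
// application/core/MY_Controller.php
// Added example: the class name follows CodeIgniter 2's default 'MY_' subclass
// prefix; the redirect target 'auth/login' is an assumption about your routes.
if (!defined('BASEPATH')) exit('No direct script access allowed');

class MY_Controller extends CI_Controller
{
    public function __construct()
    {
        parent::__construct();
        $this->load->library('ion_auth');
        $this->load->helper('url');

        // Server-side check first: a request from a logged-out browser never
        // reaches the controller method, whatever the browser still displays.
        if (!$this->ion_auth->logged_in()) {
            redirect('auth/login', 'refresh');
        }

        $this->_no_store_headers();
    }

    // Cache directives only govern the response that carries them, so they
    // are sent with every logged-in page, not just with the logout response.
    // (Hypothetical helper name; the underscore keeps it unreachable by URL.)
    protected function _no_store_headers()
    {
        // no-store: do not keep a copy; the rest covers older caches.
        header('Cache-Control: no-store, no-cache, must-revalidate, max-age=0');
        header('Pragma: no-cache');                       // HTTP/1.0 caches
        header('Expires: Sat, 26 Jul 1997 05:00:00 GMT'); // date in the past
    }
}
```

Controllers that render logged-in pages extend `MY_Controller`; the auth controller keeps extending `CI_Controller` so the login page stays reachable without a session.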
