
Codeigniter session problems


I've created user authentication using an awesome CodeIgniter authentication library, Ion Auth, in my CodeIgniter application. The authentication works fine, but when I log out and click the back button of the browser I can go through all the pages that I've visited in my application, which raises concern over user privacy; if I try to refresh the page, though, it recognises that I'm logged out. How can I force the browser to reload when a user clicks the back button of the browser? Any suggestion on how to solve this problem will be appreciated.
EDIT
Controller logout function
function logout() {
    //log the user out
    $logout = $this->ion_auth->logout();
    //redirect them back to the page they came from
    redirect('auth', 'refresh');
}
This is the logout function from Ion Auth
public function logout() {
    $this->ci->ion_auth_model->trigger_events('logout');
    $identity = $this->ci->config->item('identity', 'ion_auth');
    $this->ci->session->unset_userdata($identity);
    $this->ci->session->unset_userdata('group');
    $this->ci->session->unset_userdata('id');
    $this->ci->session->unset_userdata('user_id');
    //delete the remember me cookies if they exist
    if (get_cookie('identity')) {
        delete_cookie('identity');
    }
    if (get_cookie('remember_code')) {
        delete_cookie('remember_code');
    }
    $this->ci->session->sess_destroy();
    $this->set_message('logout_successful');
    return TRUE;
}
I'm using CodeIgniter 2.0.3
Thanks in advance.

Chances are they are in fact logged out (as you say, refreshing causes them to appear logged out). It is likely that the browser has cached the HTML which is displayed indicating they're logged in but doesn't reload it after they're logged out.
You can set the pages which have login-related information on them to no-cache by setting the Cache-Control header.
This can be achieved with HTML:
<META Http-Equiv="Cache-Control" Content="no-cache">
<META Http-Equiv="Pragma" Content="no-cache">
<META Http-Equiv="Expires" Content="0">
Or PHP
header("Cache-Control: no-cache, must-revalidate"); // HTTP/1.1
header("Expires: Sat, 26 Jul 1997 05:00:00 GMT"); // Date in the past
You can also implement the hacky and inadvisable approach of clearing the user's history for that particular window using the following code. This would need to be sent to the browser as part of the logout functionality and would not work if the user has JavaScript disabled.
<script language="javascript">
// go back by the number of entries in this window's history
var Backlen = history.length;
history.go(-Backlen);
// "page url" is a placeholder: replace it with the address to load
window.location.href = "page url";
</script>

I highly discourage disabling caching, as this will reduce the speed of your app. I had the same problem because of silly coding. What I did was, in my controllers, put the following code at the top of every function which interacted with the database and was used by users in a logged-in state:
//Do not let anyone interact with database from cached pages!
if (!$this->tank_auth->is_logged_in()) {
    redirect('/auth/login/');
}
This way a redirection to the login page happens, which means a refresh as well, if a logged-out user's browser was "backed" to a cached logged-in state and tried to fiddle with the database.

Yes, Ion Auth has this problem; I was facing the same problem in my application. Another problem was that if the session expires on any link, it takes you to the login page, but when you log in and try to access the last link where the session expired, it always takes you back to the login page. To access the page you need to clear your browser cache. Here is the solution I found in the GitHub comments on Ion Auth:
github ion-auth comment link
function logout() {
    //log the user out
    $logout = $this->ion_auth->logout();
    header("Cache-Control: no-cache, must-revalidate"); // HTTP/1.1
    header("Expires: Wed, 4 Jul 2012 05:00:00 GMT"); // Date in the past
    //redirect them back to the page they came from
    redirect('auth', 'refresh');
}
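
Added example (not from any of the posters and not Ion Auth's own code): the first two answers combined in one CodeIgniter 2.x base controller, so that every logged-in page gets both the server-side login check and the cache headers. The MY_Controller file, the 'auth/login' route and the extra no-store directive are assumptions; no-store goes beyond the no-cache shown above and asks the browser not to keep a copy of the page at all.

```php
<?php
// application/core/MY_Controller.php
// Added example. CodeIgniter 2.x loads this file automatically when the
// subclass prefix is left at its default, "MY_".

class MY_Controller extends CI_Controller
{
    public function __construct()
    {
        parent::__construct();
        $this->load->library('ion_auth');
        $this->load->helper('url');

        // Server-side check: this is what actually protects the data.
        // A page shown from the back-button cache cannot read or change
        // anything, because any new request it triggers lands here and is
        // redirected once the session is gone.
        // 'auth/login' is an assumed route; use your own login URL.
        if (!$this->ion_auth->logged_in()) {
            redirect('auth/login', 'refresh');
        }

        // Cache headers: these address the privacy concern from the
        // question. They must be sent with every logged-in page, not only
        // with the logout response, because they describe how the browser
        // may store the page that carries them.
        $this->output->set_header(
            'Cache-Control: no-store, no-cache, must-revalidate, max-age=0'
        );
        $this->output->set_header('Pragma: no-cache'); // HTTP/1.0 clients
        $this->output->set_header('Expires: Sat, 26 Jul 1997 05:00:00 GMT');
    }
}
```

Controllers for logged-in pages extend MY_Controller; the auth controller itself keeps extending CI_Controller so that the login page stays reachable.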
