-5

I have designed a website and there is a logout option in sub menu.The code is in HTML and is here:-

<p><a href="adminlogin.php" target="self">logout</a></p>

Now this successfully brings me back to the adminlogin.php page but after that whenever I press the back button present at the top of web browser I go to that page again where I was before pressing logout button. But this should not happen if I have pressed the logout button then there should be no way to go back to that page unless I login again

Terry
  • 48,492
  • 9
  • 72
  • 91
learner
  • 1
  • 1
  • 1
  • 2
  • 1
    If you are using sessions, you need to destroy your session on logout and check for sessions on every authenticated page. – Milan Chheda Jun 29 '17 at 07:01
  • 2
    How are you verifying that the user is logged in? Using a client cookie or a server session? Either way, your walled off log-in area is not validating the session, hence giving the appearance that the user is still logged in. This is a rather broad question because we do not know how your user sessions are managed. – Terry Jun 29 '17 at 07:01
  • Possible duplicate of [what is better to logout in php?](https://stackoverflow.com/questions/9615057/what-is-better-to-logout-in-php) – Dinidu Hewage Jun 29 '17 at 07:05
  • 1
    Possible duplicate of [How to control web page caching, across all browsers?](https://stackoverflow.com/questions/49547/how-to-control-web-page-caching-across-all-browsers) – apokryfos Jun 29 '17 at 07:07

2 Answers2

2

To avoid browser back button after logout:

You Have To Add the top of each page, to check if the user is logged in. If not, they should be redirected to a login page:

Example:

<?php 
      if(!isset($_SESSION['username']) && !isset($_SESSION['useremail'])){

       header("Location: login.php");  // redirect to login page or index page if email and username is not set in session
  } 

?>

Now on Logout page, Simply unset the username and useremail session variable, and destroy the session or ( Cookies). what you set.

Example:

 <?php
    if(isset($_GET['logout'])) {  
    session_start();
    session_destroy();
    unset($_SESSION["username"]);
    unset($_SESSION["useremail"]);

    header('Location: index.php');
    exit;
    }
 ?>

Working CODE For All Pages After User Login: Home.php about.php contact.php etc..

Example: 

<?php 
// After User Login and come to home page.

 require 'database_conn.php'; // Connection
 session_start();    // Session start
?>


<?php

// If User is Not Login Then Redirect to `index` Page Automatically

//if(!isset($_SESSION['username']) && !isset($_SESSION['useremail']))

if(!isset($_SESSION['useremail'])){

    header("Location: index.php");
    // Redirect to index page if email is not set in session

}
?>

Working CODE For to Logout User: Logout.php

Example: 

<?php 
// After User Click On Logout page.
 require 'database_conn.php'; // Connection
 session_start();    // Session start
?>


 <?php
    if(isset($_POST['logout'])) {  

    if(isset($_SESSION['useremail'])){

     unset($_SESSION["useremail"]);
     session_destroy();
     session_unset();    
     header('Location: index.php');

      }
    }
 ?>

Simple Logout Button

<a href="logout.php">Logout</a>

logout.php

<?php
if(isset($_GET['logout'])) { 

session_start();
session_destroy();
header('Location: login.php');
exit;
}
?>

Or If Cookie Set Then

<?php
    if(isset($_GET['logout'])) {    
    unset($_COOKIE['access_token']);
    header('Location: login.php');    
    exit;

    }
?>
RïshïKêsh Kümar
  • 4,194
  • 1
  • 20
  • 31
0

You need session to do this. So basically when you logged in you need to set session variable like

$_SESSION['loged_in']=1; // set session with desired name

And on logging out you need to destroy this session value 

 unset($_SESSION["loged_in"]); // unset specific session

or 

session_destroy();  // destroy al

And most important part you need to check for this session value on each page where you don't want user to go with out log in. like 

 if(isset($_SESSION['loged_in']) && !empty($_SESSION['loged_in'])) {
     redirect('login.php'); // redirect to log in page 
}
rahul singh
  • 439
  • 1
  • 3
  • 16