I'm trying to stop/disable the back button functionality of the browser when a user logs out of my CodeIgniter (PHP) app. But, I think the browser is caching the page so it becomes visible despite the session being destroyed from logout.
I know the session is dead because when the user tries to do anything (click any link etc) they are kicked out through the methods in my controller.
It's not ideal to have the back button working in this manner since the previous page contains confidential information.
Not a clue how to tackle this one, maybe a redirect page in between (but then the user could slam the back button really quick right?), help!
Thanks.
Add this to prevent caching of the previous page:
header("cache-Control: no-store, no-cache, must-revalidate");
header("cache-Control: post-check=0, pre-check=0", false);
header("Pragma: no-cache");
header("Expires: Sat, 26 Jul 1997 05:00:00 GMT");
I think this could help you out, it works for me.
CodeIgniter Framework version:
$this->output->set_header('Last-Modified:'.gmdate('D, d M Y H:i:s').'GMT');
$this->output->set_header('Cache-Control: no-store, no-cache, must-revalidate');
$this->output->set_header('Cache-Control: post-check=0, pre-check=0',false);
$this->output->set_header('Pragma: no-cache');
PHP version:
header('Last-Modified:'.gmdate('D, d M Y H:i:s').'GMT');
header('Cache-Control: no-store, no-cache, must-revalidate');
header('Cache-Control: post-check=0, pre-check=0',false);
header('Pragma: no-cache');
if you are using PHP OOP put the above code in your constructor to initialize on your pages.
My solution for this problem:
- Check that the cookie is set will with an if.
- Step parameters and call the login method of user model.
- Finally charge the corresponding views.
If the cookie is not set will redirected to the login page.
if(isset($_COOKIE['ci_session'])){
$user= $this->security->xss_clean($this->input->post('user'));
$pass= $this->security->xss_clean($this->input->post('pass'));
$result = $usrLog->loguearUsuario($user, $pass);
if($result == TRUE){
$data = $this->session->set_userdata('logged_in', $sessArray);
$this->load->view('pages/admin', $data);
}
}else{
header('Location: login');
}
I hope you learn! And sorry for my english! :-)
after log-out goto one page show some message like "see you soon" and after some time redirect from that to desired page this might solve your problem
like below code for redirecting second time
header("Refresh 3; url=home.php");
You could use javascript to close the window after they logout - thus removing any ability to go back pages.
Alot of online banks do this to solve this exact issue.
I think the following should help you out
1) Create a logout.php file and add the following code to it
<html>
<head>
<script src="http://code.jquery.com/jquery-1.10.1.min.js"></script>
<script type="text/javascript">
$( document ).ready(function() {
$( "#submit" ).trigger( "click" );
});
</script>
</head>
<body>
<form action="<?php echo base_url();?>login" method="post">
<input type="submit" id="submit" style="display: none;">
</form>
</body>
</html>
2) Modify your logout function to load a above view file logout.php
{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://img.manongdao.com/sparkler-677774__340.jpg', '推荐 做个烂人 的文章《CodeIgniter back button after logout》','https://www.manongdao.com/article-82762.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}