I would to set it up where if someone sends in a request "logout" it will automatically take them to a page saying "successful log out". If the customer tries to press the back button or go to the restricted area, it will ask for HTTP auth again.
What I have so far is this:
example.com/restricted/index.php:
<?php
session_start();
if(isset($_GET['logout']))
{
unset($_SESSION["login"]);
header("location: ../logout.php");
exit;
}
if (!isset($_SERVER['PHP_AUTH_USER']) || !isset($_SERVER['PHP_AUTH_PW']) || !isset($_SESSION["login"]))
{
header("HTTP/1.0 401 Unauthorized");
header("WWW-authenticate: Basic realm=\"Tets\"");
header("Content-type: text/html");
$_SESSION["login"] = true;
// Print HTML that a password is required
exit;
}
?>
// The rest of the page is then displayed like normal
The user successful visits example.com/logout.php if example.com/restricted/index.php?logout is accessed. When the user tries to go back however random things happen, sometimes it will ask for HTTP authentication twice (???) , sometimes it will keep asking for authentication in a loop (?) and sometimes it will let me go right back as if I never logged out.
I am new to how sessions work but my understanding is this: If/when the person is validated, it stores a variable in it's session called login with a value of true... if it every gets a GET request with logout, it will then delete that session variable and go back to logout.php... Why is it then when I click back to the index will it let me back in without asking for authentication, when session[login] is supposedly not set.
Any improvement to this PHP code is appreciated. I know I shouldn't use HTTP Basic and should incorporate SQL, but meh. This is a temporary solution.
Edit: I will accept a solution with MySQL if an example with instructions are included. I have no MySQL or PHP database knowledge (yet)
You can use the meta tag
http-equiv="refresh"
with a very short response time (e.g.content="1"
). This refresh will clear any$_POST
.A rough idea to start you:
I've found a way around it.
I have 2 files: index.php and logout.php
Here is my 'index.php' code:
And here is my 'logout.php' code: