Solved

after logout back page in code igniter

Posted on 2014-09-25
16
485 Views
Last Modified: 2014-09-29
hi,

i have problem in the logout page.
After user logout, they still can access the previous visited page by pressing browser back button
0
Comment
Question by:heng tang
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 4
  • 4
  • +1
16 Comments
 
LVL 83

Accepted Solution

by:
Dave Baldwin earned 500 total points
ID: 40343373
Everybody has that problem.  Browsers do not reload the page from the server when you click on 'Back', they just put up the last display of that page.  The question is can they click on anything and do anything that should require a login.
0
 

Author Comment

by:heng tang
ID: 40343465
the previous pages after logout on my app are having a click action. They shouldn't be allow to click anything after logged out.
0
 
LVL 83

Expert Comment

by:Dave Baldwin
ID: 40343616
What happens when they click?  Your page should tell them that they are logged out.
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 

Author Comment

by:heng tang
ID: 40343618
it still allow to click and proceed to action
0
 
LVL 83

Expert Comment

by:Dave Baldwin
ID: 40343622
Then your login system is not working.  It should be checking the login status on every page.
0
 
LVL 36

Expert Comment

by:Loganathan Natarajan
ID: 40343624
yes, you can lock the browser to back, i handled one project.
0
 
LVL 83

Expert Comment

by:Dave Baldwin
ID: 40343627
That won't fix his login problem.  If he can 'back' to the page and have it work, then someone can go directly to the page and make it work.  It appears that he is not checking the login on every page.
0
 
LVL 36

Expert Comment

by:Loganathan Natarajan
ID: 40343683
I used this script on my logout and after login page as well. It works fine to me.

<script type="text/javascript">
        window.history.forward();
        function noBack()
        {
            window.history.forward();
        }
</SCRIPT>

</head>
<body onLoad="noBack();" onpageshow="if (event.persisted) noBack();" onUnload="">

Open in new window

0
 
LVL 110

Expert Comment

by:Ray Paseur
ID: 40343850
The issue here goes to the nature of HTTP requests and browser cache.  You can go "back" through browser history and the browser will simply show you the existing content of the cached page.  It's not until you deliberately refresh the browser (which causes a new HTTP request) that you see the new state of the request after the logout.  Because there are browser settings that come into play, this can be confusing and inconsistent on different client computers.  Because clients can disable JavaScript, the JavaScript solutions may not give you 100% coverage.  A safer way to do this is to cause the logout script to make an HTTP request after it has cleared the client credentials from the web server.

Here is an article on how to do PHP client authentication.  Note that the logout script has an example showing how to redirect the client browser with header().  This will cause the needed HTTP request, and the problem will be solved.
http://www.experts-exchange.com/Web_Development/Web_Languages-Standards/PHP/A_2391-PHP-login-logout-and-easy-access-control.html

Here is an article describing the nature of the HTTP Client/Server protocols.
http://www.experts-exchange.com/Web_Development/Web_Languages-Standards/A_11271-Understanding-Client-Server-Protocols-and-Web-Applications.html

Here is the minimum information you need to understand about PHP sessions.
http://www.experts-exchange.com/Web_Development/Web_Languages-Standards/PHP/A_11909-PHP-Sessions-Simpler-Than-You-May-Think.html
0
 

Author Comment

by:heng tang
ID: 40345593
hmm.. i think i found the solution at Stackoverflow.  The reason for my case is due to the browser storing cache and it is a browser nature behaviour.  So it has nothing to do with my code.
 
I use the header to put no-cache on all pages so that  and do validation on every pages.

THanks for your time folks.. I suppose I should give you some credit for your efforts.
0
 

Author Comment

by:heng tang
ID: 40349259
I've requested that this question be closed as follows:

Accepted answer: 0 points for heng tang's comment #a40345593
Assisted answer: 100 points for Loganathan Natarajan's comment #a40343683
Assisted answer: 200 points for Ray Paseur's comment #a40343850

for the following reason:

FOund solution myself
0
 
LVL 110

Expert Comment

by:Ray Paseur
ID: 40345943
So it has nothing to do with my code.
It has everything to do with your code!  Please read the last three lines of the code snippet under the paragraph Client Un-Authentication - the Logout Page
0
 

Author Closing Comment

by:heng tang
ID: 40349260
this answer leads me to the rigth direction to solve the problem which is to clear the page cache using native PHP
0
 
LVL 110

Expert Comment

by:Ray Paseur
ID: 40349906
You can't clear the page cache using native PHP.  PHP runs on the server.  The cache is on the browser.
0
 
LVL 110

Expert Comment

by:Ray Paseur
ID: 40349910
@heng_tang: Please see the grading guidelines.
http://support.experts-exchange.com/customer/portal/articles/481419

Why did you give a marked-down grade?
0

Featured Post

Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Developers of all skill levels should learn to use current best practices when developing websites. However many developers, new and old, fall into the trap of using deprecated features because this is what so many tutorials and books tell them to u…
Introduction This article is intended for those who are new to PHP error handling (https://www.experts-exchange.com/articles/11769/And-by-the-way-I-am-New-to-PHP.html).  It addresses one of the most common problems that plague beginning PHP develop…
The viewer will learn how to look for a specific file type in a local or remote server directory using PHP.
This tutorial will teach you the core code needed to finalize the addition of a watermark to your image. The viewer will use a small PHP class to learn and create a watermark.

732 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question