0

When a user logouts on my website it redirects them to the home page. But if they hit back in their browser it still has them as logged in. (logged in features don't work, as expected)

To counter this I was thinking about setting up the if(isset($_SESSION['signed_in'])) in a seperate file called by ajax, which would do a fresh reload even if the user hit back. But, would this cause any kind of security issue? Basically use Javascript to check if user is signed in and to signout a user.

Is there a better way to do this?

Log in/out is pure PHP atm, no javascript involved.

Improve this question
2
  • 2
    This is rather common, browsers often load the last page from cache, and it's usually not an issue Commented Aug 3, 2014 at 16:31
  • 1
    I will echo that it's pretty normal and shouldn't cause an issue. Like you said, logged in functions don't work since the server knows they are logged out, it's just a cached copy of the page they are seeing. Happens all the time, that's why like on bank sites they tell you to close the browser window completely. So that nobody can just hit back and see what you were doing. Commented Aug 3, 2014 at 17:23

1 Answer 1

Reset to default
1

Yeah as adeneo says, check if the browser loads your page from cache.

If it don't then check your log out code, be sure that you destroy the session or at least unset the session data used to check if user is logged.

I'm not sure to have completely understand your issue

Good luck

Improve this answer
Sign up to request clarification or add additional context in comments.

2 Comments

The session gets destroyed upon signout, but the problem is when you go back a page the browser still displays the user as being logged in.(even though he's not and user only functions will not work, as expected)
But when you go back, it's a complete new page, not a system with a javascript router and an anchor ? If the page is normally created from php, have you check if there is a cache system ? (on server AND browser side), i would like be able to help more :x

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.