Question
I am having trouble with my session script. I include this file, called functions.php, in every file I need a session in.
<?php
session_start(); {
if(isset($_SESSION['username']) && !empty($_SESSION['username'])) {
return true;
} else {
return false;
}
}
?>
And then I use this file, called logout.php, to log out.
<?php
include('functions.php');
session_destroy();
// We redirect them to the login page
header("Location: homepage.php");
die("Redirecting to: homepage.php");
?>
Can anyone help me fix it so that when a user clicks the logout link they cannot go back to the members area and be logged in again?
Answer 1:
OK, I assume the problem was this: you just destroy the session within logout.php, but do not clear the session variables. Please take a look at the documentation.
What happened in your case is that whenever you go back to the home page, you restart the session, so you are able to access $_SESSION['username'], since you did not clear the variable, and you get logged in.
The solution for your problem is:
<?php
include('functions.php');
session_unset(); // need to be called before session_destroy()
session_destroy();
// We redirect them to the login page
header("Location: homepage.php");
die("Redirecting to: homepage.php");
?>
Or you can simply clear $_SESSION['username'] within the logout.php script, and you don't necessarily need to destroy the session at all.
Hope this helps
Answer 2:
It could well be the browser's cache displaying the page. If you log out, clear the cache and then press back, does it still do the same?
I found a previous question which may help you: Stopping the back button from exposing secure pages?
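The two answers point at different causes, leftover session state and a cached copy of the page, and the following added example (not part of the original question or either answer) handles both in one place. The function names `require_login()` and `logout()` are hypothetical; `homepage.php` and `$_SESSION['username']` are taken from the question.

```php
<?php
// Added example: the helper names below are assumptions, not the poster's code.

// Call at the top of every members-only page, before any output is sent.
function require_login(string $loginUrl = 'homepage.php'): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }

    // Ask the browser not to store the page, so pressing Back re-requests it
    // and the check below runs again instead of a cached copy being shown.
    header('Cache-Control: no-store, no-cache, must-revalidate, max-age=0');
    header('Pragma: no-cache');
    header('Expires: 0');

    if (empty($_SESSION['username'])) {
        header('Location: ' . $loginUrl);
        exit;
    }
}

// Call from logout.php.
function logout(string $redirectUrl = 'homepage.php'): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }

    // Clear the session variables held in memory for this request.
    $_SESSION = [];

    // Expire the session cookie so the browser stops sending the old ID.
    if (ini_get('session.use_cookies')) {
        $p = session_get_cookie_params();
        setcookie(session_name(), '', time() - 42000,
            $p['path'], $p['domain'], $p['secure'], $p['httponly']);
    }

    // Delete the server-side session data.
    session_destroy();

    header('Location: ' . $redirectUrl);
    exit;
}
```

With this in place, a members page starts with `require_login();` and logout.php only needs to include the file and call `logout();`.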
Source: https://stackoverflow.com/questions/16492447/php-sessions-issue-with-back-button