Prevent users from viewing pages that require a session

Question

Prevent users from viewing pages that require a session

I have a login page, after which I made a link to a page called logout and contains this code:

logout.php

<?php

session_unset();
session_destroy();
header("Location:");

?>

However, when I log out, click the back button and it will bring me back. How to change it so that it asks you to log in again before showing you its previous page?

+5

php

Script47 Apr 12 '13 at 15:17

source share

5 answers

, ( ), , , (.. ), , .

, .

+3

LeonardChallis 12 . '13 15:20

( PRIVATE/RESERVED) $_SESSION, , .

, , . , , , .

+1

STT LCU 12 . '13 15:23

<?php
    session_start();
    session_unset();
    session_destroy();
    session_write_close();
    setcookie(session_name(),'',0,'/');
    session_regenerate_id(true);
?>

: Manual

+1

verbumSapienti Apr 12 '13 at 15:25

source share

try this to check each page if the user is registered

if (!$_SESSION['logged_in']) { //you would have to make $_SESSION['logged_in'] when they login
header('location: login.php');
}

all this means that if $ _SESSION ['logged_in'] is NOT set, redirect them to the login page.

You will also need other checks to protect them.

+1

Pwner Apr 12 '13 at 15:30

source share

Luigi siri · Accepted Answer · 2013-04-12T15:21:33+0000

You did not specify a redirect location.

Must be:

 header("Location:http://example.com/login.php");

Thus, when you log out, it redirects the browser to login.php.

EDIT:

In addition, this will help add a session verification condition to the home page.

Feel like:

 if(!isset($_SESSION))
 {
     header("Location:http://example.com/login.php");
 }

Prevent users from viewing pages that require a session

More articles: