0

I am having trouble with my session script. I include this file call functions.php in every file I need a session in.

<?php

session_start(); {

  if(isset($_SESSION['username']) && !empty($_SESSION['username'])) {
    return true;
    } else {
    return false;
    }

  }

?>

And then I use this file to logout. Called logout.php

<?php
include('functions.php');
session_destroy();
// We redirect them to the login page
header("Location: homepage.php");
die("Redirecting to: homepage.php");
?>

Can anyone help me fix it so that when a user clicks the logout link they cannot go back to the members area and be logged in again.

4

2 回答 2

1

好的,我认为问题是这样的,您只需在 logout.php 中销毁会话,但不清除会话变量。请看一下文档

在您的情况下发生的情况是,每当您返回主页时,您都会重新启动会话,因此您将能够访问,$_SESSION['username']因为您没有清除变量并且您已登录。

您的问题的解决方案是

<?php
include('functions.php');
session_unset(); // need to be called before session_destroy()
session_destroy();
// We redirect them to the login page
header("Location: homepage.php");
die("Redirecting to: homepage.php");
?>

或者您可以简单地清除$_SESSION['username']inside logout.php 脚本,并且您根本不需要销毁会话。

希望这可以帮助

于 2013-05-11T06:42:50.980 回答
0

很可能是显示页面的浏览器缓存,如果您注销,清除缓存然后按回,它仍然做同样的事情吗?

我发现了一个可能对您有所帮助的问题: 阻止后退按钮暴露安全页面?

于 2013-05-11T00:13:12.160 回答