cakephp logout is not working perfectly

Question

When Users logged in first time users get logged out on clicking the logout button . but if the users again logged in and tries to logout before clearing the cookies of browser, user is unable to logout. Anyhelp ? I am using cakephp 2.5.6

public function logout() {
        $this->redirect($this->Auth->logout());
    }

//appcontroller

class AppController extends Controller {
         public $components = array(
        'DebugKit.Toolbar',
        'Session',
        'Auth' => array(
            'loginRedirect' => false,
            'logoutRedirect' => array('controller' => 'users', 'action' => 'login'),
            'authError' => 'You must be logged in to view this page.',
            'loginError' => 'Invalid Username or Password entered, please try again.',
            'authenticate' => array(
                'Authenticate.MultiColumn' => array(
                    'fields' => array(
                        'username' => 'email',
                        'password' => 'password'
                    ),
                    'columns' => array('email'),
                    'userModel' => 'User',
                    'scope' => array('User.status' => 1)
                )
            )
        ));

    }

//.htaccess in the webroot

<IfModule mod_deflate.c>
    #The following line is enough for .js and .css
    AddOutputFilter DEFLATE js css

    #The following line also enables compression by file content type, for the following list of Content-Type:s
    AddOutputFilterByType DEFLATE text/html text/plain text/xml application/xml

    #The following lines are to avoid bugs with some browsers
    BrowserMatch ^Mozilla/4 gzip-only-text/html
    BrowserMatch ^Mozilla/4\.0[678] no-gzip
    BrowserMatch \bMSIE !no-gzip !gzip-only-text/html 
</IfModule>
<IfModule mod_headers.c>
  <FilesMatch "\.(js|css|xml|gz)$">
    Header append Vary: Accept-Encoding
  </FilesMatch>
</IfModule>
<IfModule mod_expires.c>
ExpiresActive On
ExpiresByType image/jpg "access 1 year"
ExpiresByType image/jpeg "access 1 year"
ExpiresByType image/gif "access 1 year"
ExpiresByType image/png "access 1 year"
ExpiresByType text/css "access 1 month"
ExpiresByType application/pdf "access 1 month"
ExpiresByType text/x-javascript "access 1 month"
ExpiresByType application/x-shockwave-flash "access 1 month"
ExpiresByType image/x-icon "access 1 year"
ExpiresDefault "access 1 month"
</IfModule>
<IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteCond %{HTTP_HOST} ^www\.(.*)$ [NC]
    RewriteRule ^(.*)$ http://%1/$1 [R=301,L]

    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteRule ^(.*)$ index.php [QSA,L]
</IfModule>

Answer 1

Your problem is probably cache related and caused by one of the lines in mod_expires.c. Adding the below headers to your logout function (and deleting sessions and cookies just in case) should solve the problem.

public function logout() {
    header('pragma: no-cache'); 
    header('Cache-Control: no-cache, must-revalidate');
    $this->response->disableCache();
    $this->Session->delete('Auth.User');
    $this->Session->delete('User');
    $this->Session->destroy();
    $this->Cookie->destroy();
    return $this->redirect($this->Auth->logout());
}