I am trying to use sessions for login and logout in my code, but my browser saves the data that is being passed, and I can access the page directly if I enter the URL like this: 'localhost/P_Display/user/Dashboard/'. I can access this page directly even after logout. Does this mean that the session is not being destroyed completely? Here is my code:
if($login_data)
{
$user_id = $login_data->id;
$login_data=$this->session->set_userdata(array('user_id'=>$user_id));
// print_r($login_data);
return redirect("user/dashboard/");
}
This is the part that checks the user for login.
Now for logout:
public function logout()
{
$this->session->unset_userdata('user_id');
$this->session->sess_destroy();
return redirect('user','refresh');
}
What can I do to stop the user from accessing anything after logout?
Try this in the view file:
<?php
header("Cache-Control: no-store, no-cache, must-revalidate, max-age=0");
header("Cache-Control: post-check=0, pre-check=0", false);
header("Pragma: no-cache");
?>
Or in .htaccess
FileETag None
Header unset ETag
Header set Cache-Control "max-age=0, no-cache, no-store, must-revalidate"
Header set Pragma "no-cache"
Header set Expires "Wed, 11 Jan 1984 05:00:00 GMT"
Or in the __construct function of the controller
$this->output->set_header('Last-Modified: ' . gmdate("D, d M Y H:i:s") . ' GMT');
$this->output->set_header('Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0');
$this->output->set_header('Pragma: no-cache');
$this->output->set_header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");
Or in HTML
<meta http-equiv="Cache-Control" content="no-cache, no-store, must-revalidate" />
<meta http-equiv="Pragma" content="no-cache" />
<meta http-equiv="Expires" content="0" />
For more, see "How to control web page caching, across all browsers?"
I think you can check the session in the constructor of the dashboard controller, and if the session is not set, redirect the user to the login page, like...
class Dashboard extends CI_Controller {
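public function __construct()
{
// The parent constructor must run first so that $this->session is available
parent::__construct();
// userdata() returns an empty value when the key is not in the session
if(!$this->session->userdata('user_id'))
{
redirect('user','refresh');
}
}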
.....
}
This will redirect to the users (should be login) controller if the user is not logged in.
When I code the login part and access control, I usually check the session userdata in each function. It means that each function starts with something like:
if (!$this->session->userdata('login_type')) {
redirect('login', 'refresh');
}
For example.
I did not manage to use it in the constructor or other.
Put the code below in the __construct function of all your controllers that require login:
$this->output->set_header('Last-Modified: ' . gmdate('D, d M Y H:i:s') . ' GMT');
$this->output->set_header('Cache-Control: no-store, no-cache, must-revalidate');
$this->output->set_header('Cache-Control: post-check=0, pre-check=0', false);
$this->output->set_header('Pragma: no-cache');
After this, the page will not open when you click the back button of the browser.
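Added example, not part of any answer above: a shared base controller that combines the two approaches from the answers, a server-side session check (which is what actually denies a logged-out request) and no-store headers (which stop the browser from redisplaying a cached copy on Back). It assumes the session library and url helper are autoloaded and CodeIgniter's default `MY_` subclass prefix; the `dashboard` view name is hypothetical.

```php
<?php
// application/core/MY_Controller.php (added example, not the asker's code)
// Assumes: session library + url helper autoloaded, default 'MY_' subclass prefix.
defined('BASEPATH') OR exit('No direct script access allowed');

class MY_Controller extends CI_Controller
{
    public function __construct()
    {
        // $this->session and $this->output do not exist until the
        // parent constructor has run.
        parent::__construct();

        // 1. Access control: runs on every request to every controller
        //    that extends this class, before any action method is called.
        //    After logout the session no longer holds user_id, so the
        //    request is sent to the login controller. redirect() ends
        //    the request itself.
        if ( ! $this->session->userdata('user_id'))
        {
            redirect('user', 'refresh');
        }

        // 2. Cache control: tell the browser and any proxy not to store
        //    protected pages, so Back after logout triggers a fresh
        //    request that then fails check 1.
        $this->output->set_header('Cache-Control: no-store, no-cache, must-revalidate, max-age=0');
        $this->output->set_header('Pragma: no-cache');
        $this->output->set_header('Expires: 0');
    }
}

// application/controllers/Dashboard.php (a separate file in a real project)
// Every protected controller extends MY_Controller; the login controller
// keeps extending CI_Controller so it stays reachable without a session.
class Dashboard extends MY_Controller
{
    public function index()
    {
        $this->load->view('dashboard'); // hypothetical view name
    }
}
```

The headers alone only affect what the browser keeps locally; a request typed into the address bar after logout is refused by the session check, not by the cache settings.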