2

I started using CodeIgniter for my project. I have a user authentication system for my website. I have seen the videos from Nettuts for the login information. I am confused why the logout is not working properly.

I have the following logout function in my login controller.

    function logout() {
        $this->session->sess_destroy();
        redirect('main');
    }

If I click on the logout button I am redirecting the user to the main page. But after redirecting the user to the main page, if I click on the back button in the browser I will see the logoff and my name at the top of the page. I need some help on where I am going wrong, or is there any important piece of code I am missing in my controller?

Thanks in advance

EDIT

I think I found the solution. I should append the following code into the appropriate controller

$this->output->set_header("Cache-Control: no-store, no-cache, must-revalidate, no-transform, max-age=0, post-check=0, pre-check=0");
$this->output->set_header("Pragma: no-cache"); 
tereško
user525146

2 Answers

3

I think this is a browser cache issue. If you click back you are actually seeing the cached page, the way it was when you were logged in.

Try and hit F5 just after going back to the before-logout page. It should now show that you are logged out.

jfoucher
  • Yes, you are right. Is this not a security flaw? When I click on the logout, even though I click on the back button, I think my code should not allow the user to see the cached page either, I believe. If there is some important information that the user has seen before logging out, if some user clicks on the back page he will see the last browsed page. How to get rid of this issue? – user525146 Apr 04 '11 at 23:11
  • You can try putting no cache headers on all logged-in pages, it's the only solution I can think of at the moment... Actually most websites seem to have this issue, including this one. – jfoucher Apr 05 '11 at 07:48
  • Integrate @amit's suggestion into your answer? – bacar Sep 04 '14 at 08:03
3

Adding header to my main constructor solved my problem with IE7:

$this->output->set_header("Cache-Control: no-store, no-cache, must-revalidate, no-transform, max-age=0, post-check=0, pre-check=0");
$this->output->set_header("Pragma: no-cache"); 
mbinette
amit
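One way to apply the approach from the comments and the second answer (no-cache headers on every logged-in page) is a shared base controller. This is an added example, not code from any of the posters; the `is_logged_in` session key and the `MY_Controller` file placement are assumptions, while the header strings and the `main` redirect target are the ones quoted on this page.

```php
<?php
// application/core/MY_Controller.php
// Added example: base class for every controller that renders logged-in pages.
// The login controller itself (login form, logout()) keeps extending
// CI_Controller so that it stays reachable without a session.
defined('BASEPATH') OR exit('No direct script access allowed');

class MY_Controller extends CI_Controller
{
    public function __construct()
    {
        parent::__construct();
        $this->load->library('session');
        $this->load->helper('url');

        // Server-side check comes first. After sess_destroy() this flag is
        // gone, so any request that actually reaches the server (reload,
        // revalidation, direct URL) is redirected instead of rendered.
        // 'is_logged_in' is an assumed key: use whatever your login code sets.
        if ( ! $this->session->userdata('is_logged_in')) {
            redirect('main');
        }

        // Ask the browser not to keep a copy of this response, so the back
        // button after logout has to go to the server again and hits the
        // check above. Header values are the ones from the question's EDIT.
        $this->output->set_header('Cache-Control: no-store, no-cache, must-revalidate, no-transform, max-age=0, post-check=0, pre-check=0');
        $this->output->set_header('Pragma: no-cache');
    }
}
```

Controllers for members-only pages then declare `class Account extends MY_Controller` (a hypothetical name) and inherit both the session check and the headers, so neither can be forgotten on an individual page.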