8

I am a newbie in CodeIgniter. I am using a login form to log in as an admin. When the admin logs in with the correct user name and password, s/he is directed to the home page with a session variable. Then, if he clicks the log out button, the session is supposed to be destroyed and the user redirected to the login page, i.e. the login form page.

The 1st controller is admin:

<?php
class Admin extends CI_Controller
{
    function index()
    {
        $data['main_content'] = 'admin/log_in';
        $this -> load -> view('includes/admin/admin_template', $data);
    }
    function log_in()
    {
        $this->load->model('admin_model');
        $query = $this -> admin_model -> validate();
        if ($query)// if the user's credentials validated...
        {
            $data = array('user_name' => $this -> input -> post('user_name'), 'is_logged_in' => true);
            $this -> session -> set_userdata($data);
            redirect('admin/home/admin_home');
        } else// incorrect username or password
        {
            $this -> index();
        }
    }
    function log_out()
    {
        $this->session->sess_destroy();
        redirect('/admin/admin','refresh');
    }
}

The second controller is the home controller:

<?php
class Home extends CI_Controller
{
    function __construct()
    {
        parent:: __construct();
        $this->is_logged_in();
    }
    function is_logged_in() 
    {
        $is_logged_in = $this -> session -> userdata('is_logged_in');
        if (!isset($is_logged_in) || $is_logged_in != true)
        {
            $this -> load -> view('admin/forbidden');
        }
    }
    function admin_home()
    {
        $data['main_content'] = 'home_view';
        $this->load->view('admin/home_view');
    }
}

The model is admin_model:

<?php
class Admin_model extends CI_Model
{
    function __construct()
    {
        parent:: __construct();
    }
    function validate()
    {
            $this->db->where('user_name',$this->input->post('user_name'));
            $this->db->where('password', $this->input->post('password'));
            $query = $this->db->get('user');
            if($query->num_rows==1)
            {
                return true;
            }
    }
}

Now, it is supposed to log the user out and destroy the session, but if I click the back button of my browser I can get the page back, which is not supposed to happen, and the session is not destroyed. Please tell me what I am doing wrong here. I am using CodeIgniter 2.1.0.

Jav_Rock
Shabib
  • After hitting the back button, are you retrieving a page from cache? Or if you hit `F5` does the page reload and show you logged in? – Jakub Jan 26 '12 at 13:56
  • Yes it does, even after reloading it shows me logged in. – Shabib Jan 26 '12 at 14:13
  • If you pull up a 'secure' page in another browser (no session data) do you get in as well? – Jakub Jan 26 '12 at 14:16
  • An Error Was Encountered The action you have requested is not allowed. --- this error message is shown if I do so. – Shabib Jan 26 '12 at 14:21
  • Is that error the output of `$this -> load -> view('admin/forbidden');`? You need to be clear about these things. – Jakub Jan 26 '12 at 14:28
  • No, this is that one. Where do I have to enable the profiler? – Shabib Jan 26 '12 at 14:31
  • Then your login is broken somewhere. You have some questionable code and controller structure; you need to pull your `function log_in()` out of your controller, it should be in a library. Take a look at tank_auth to see how to do it correctly: http://www.konyukhov.com/soft/tank_auth/ – Jakub Jan 26 '12 at 14:33
  • Alright, thank you for your help. I will let you know if I can fix this :) – Shabib Jan 26 '12 at 14:34

2 Answers

11

After going through all the troubles and searching in various places, I have finally found a proper solution to this question. The problem arose because the browser was showing the cached pages. It was not the session that was creating the problem; it was working properly. Here is the solution: in the home controller, adding a function to clear the cache and calling it in the constructor function does the trick :) Here is the home controller with the solution:

<?php
class Home extends CI_Controller
{
    function __construct()
    {
        parent:: __construct();
        $this->is_logged_in();
        $this->clear_cache();
    }
    function is_logged_in() 
    {

        if (!$this->session->userdata('is_logged_in'))
        {
            redirect('/admin/admin');
        }
    }
    function clear_cache()
    {
        $this->output->set_header("Cache-Control: no-store, no-cache, must-revalidate, no-transform, max-age=0, post-check=0, pre-check=0");
        $this->output->set_header("Pragma: no-cache");
    }
    function admin_home()
    {
        $data['main_content'] = 'home_view';
        $this->load->view('admin/home_view');
    }
}

Now thanks go to this link, "logout feature in code igniter"; that is where I found the solution, and it works perfectly :)

Community
Shabib
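
The fix from the answer above, moved into a shared base controller so that every admin page gets both the login check and the no-cache headers. This is an added example, not code from the original posts; the `Admin_Controller` name, the file location and the need to load the session library and URL helper are assumptions.

```php
<?php
// application/core/MY_Controller.php (assumed location: CodeIgniter 2.x includes
// this file when $config['subclass_prefix'] is the default 'MY_').
// Admin_Controller is a hypothetical name, not from the original posts.
class Admin_Controller extends CI_Controller
{
    function __construct()
    {
        parent::__construct();
        // Assumption: not already autoloaded in config/autoload.php.
        $this->load->library('session');
        $this->load->helper('url');

        // Headers first, so every page built by a subclass carries them.
        $this->deny_caching();
        $this->require_login();
    }

    // Private, so CodeIgniter will not route a URL to these methods, unlike
    // the public is_logged_in() and clear_cache() actions in the posts above.
    private function deny_caching()
    {
        // no-store: the browser keeps no copy, so the back button after
        // logout sends a new request instead of showing the old page.
        $this->output->set_header('Cache-Control: no-store, no-cache, must-revalidate, max-age=0');
        $this->output->set_header('Pragma: no-cache'); // HTTP/1.0 clients
        $this->output->set_header('Expires: 0');
    }

    private function require_login()
    {
        if (!$this->session->userdata('is_logged_in'))
        {
            // redirect() sends a Location header and exits, so no action
            // method runs for a request without a logged-in session.
            redirect('/admin/admin');
        }
    }
}

// In the Home controller's own file: extend the gate, not CI_Controller.
class Home extends Admin_Controller
{
    function admin_home()
    {
        $this->load->view('admin/home_view');
    }
}
```

The `Admin` login controller keeps extending `CI_Controller`; if it inherited the gate, the redirect to the login page would loop.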
5

If you log out, then although the session is destroyed, the session userdata remains for the duration of the current CI page build.

As a precautionary measure you should do:

function log_out()
{
    $this->session->sess_destroy();
    // null the session (just in case):
    $this->session->set_userdata(array('user_name' => '', 'is_logged_in' => ''));

    redirect('/admin/admin');
}

See: http://codeigniter.com/forums/viewthread/110993/P130/#662369

Jakub
  • Thank you, but it is not working. I am still facing the same problem :( – Shabib Jan 26 '12 at 14:11
  • Any reason you are doing a 'refresh' redirect? Why not do a location-based one, just do `redirect('/admin/admin');`. That could be contributing to the problem. Also, if all else fails, enable the `$this->output->enable_profiler(TRUE);` to see what's going on. – Jakub Jan 26 '12 at 14:15