2

Hello guys, I am using the CodeIgniter framework and I have a problem after logout. The session is already destroyed and the user is redirected to the login form, but after redirecting to the login form, the browser back button can still go back to the dashboard, where there are errors because the session was already destroyed. All I want is to disable the browser's back button, or anything else so that my previous page can't be loaded. I have read other posts about this problem and tried their solutions, but they don't work. I have already pasted this code into my constructor, based on what I've read in another post.

The code that I've seen in the post and put in my constructor:
header("cache-Control: no-store, no-cache, must-revalidate");
header("cache-Control: post-check=0, pre-check=0", false);
// HTTP/1.0
header("Pragma: no-cache");
// Date in the past
header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");
// always modified
header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");

Here is my logout:

$sess_array = array(
    'username' => ''
);
$this->session->unset_userdata('logged_in', $sess_array);
$this->session->sess_destroy();
redirect('auth', 'refresh');

Here is the link from my dashboard:

<li>
    <a href="<?= base_url('auth/logout') ?>"><i class="glyphicon glyphicon-off"></i> Logout</a>
</li>

5 Answers

7

I tried to implement this option but it doesn't work well. So I implemented new logic for this.

Simply check if the session is set in every main method. The code below will help you.

In logout (defined in the controller)

function __construct()
{
    parent::__construct();
    ob_start(); # add this
}

public function logout()
{
    $this->load->driver('cache');
    $this->session->sess_destroy();
    $this->cache->clean();
    ob_clean();
    redirect('home'); # Login form or some other page         
}

In dashboard (function)

public function home()
{
    $logged_in = $this->session->userdata('logged_in');
    if($logged_in != TRUE || empty($logged_in))
    {
        #user not logged in
        $this->session->set_flashdata('error', 'Session has Expired');
        redirect('user_logging'); # Login view
    }
    else
    {
        #user Logged in
        $data = array(); # values to pass to the view
        $this->load->view("viewname",$data);
    }
}

In login (function)

$session = array(
    'username'  => $name,
    'logged_in' => TRUE
);

$this->session->set_userdata($session);
7
  • Hello sir, how can I manipulate this code $this->session->set_userdata('logged_in', $session_data); to satisfy the if condition about logged_in = TRUE?
    – Jc John
    Commented Sep 10, 2016 at 13:20
  • What are your session fields? Commented Sep 10, 2016 at 13:21
  • $session_data = array ( 'user_email' => $res[0]->user_email, 'user_id' => $res[0]->user_id, 'usertype_name' => $res[0]->usertype_name, 'user_fname' => $res[0]->user_fname, 'user_mname' => $res[0]->user_mname, 'user_lname' => $res[0]->user_lname ); $this->session->set_userdata('logged_in', $session_data);
    – Jc John
    Commented Sep 10, 2016 at 13:22
  • @AbdullaNilam can you explain why you are loading the cache driver? curious
    – Alex
    Commented Jul 24, 2018 at 8:35
  • @Alex that is for Jc John's requirement. He was using cache when I checked his code. Clear now? Commented Jul 24, 2018 at 8:38
2

You are trying to solve the wrong problem: If going back after logout leads to a page full of errors, going to that page directly would cause the same problem.

This should never occur, instead when someone tries to open a page that should not be opened when not logged-in, the visitor should be directed to the login page.

Apart from that, you should not mess with the user's browser experience. So even if you could, you should not disable the back button. And even if you could, it could probably easily be circumvented by disabling JavaScript (for example...).

1
  • Thank you for your answer, sir. My code works well; it gives errors after logout because the session is already destroyed. How can I solve this, sir?
    – Jc John
    Commented Sep 10, 2016 at 12:53
1

First of all, set the userdata session value when you successfully log in to the admin panel. Use this line after all the validation you have done on the login form:

$this->session->set_userdata('admin_id',$admin_id);

You can do just one thing to avoid direct login to any of the pages of your user panel or admin panel: just make a constructor in your admin controller like this:

public function __construct()
{
    parent::__construct();
    if(! $this->session->userdata('admin_id')){
        return redirect('login_controller');//your login controller which have login page as view in index function//
    }
} 

and use the logout function like this:

public function logout()
{
    $this->session->unset_userdata('admin_id');
    return redirect('login_controller');
}

This way, after you log out from the admin panel and try to use the back button or try to call any of the admin panel pages or functions directly, it won't open. It works for me and I am still using this code when making user and admin panels.

1

Hope this will help you

Your login function

function login() {

     $query = $this->login_model->get_user($username, $password);

     foreach ($query as $row) {
          $username = $row->username;
     }

     $session_array = array(
          'username' => $username,
          'logged_in' => TRUE
     );

     $this->session->set_userdata('logged_in', $session_array);
}

Your logout function

public function logout() {

    $this->session->unset_userdata('logged_in');
    $this->session->sess_destroy();
    redirect('login', 'refresh');
}

And in the dashboard or home controller

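function index() {

    $logged_in = $this->session->userdata('logged_in');

    // userdata() returns NULL (CodeIgniter 3) or FALSE (CodeIgniter 2) for a missing item,
    // so check for a non-empty value instead of comparing with FALSE only
    if (!empty($logged_in) && (!isset($logged_in['login_type']) || $logged_in['login_type'] == ""))
    {
         // Your codes 
    } else {
       redirect('login/logout');
    }
}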
0
You can use the construct method at the beginning of your admin controller. Inside the construct add the condition; it will work in every function as long as the controller is admin:

public function __construct()
{
    parent::__construct();
    if(! $this->session->userdata('admin_id')){
        return redirect('login_controller');//your login controller which have login page as view in index function//
    }
} 


But as you move deeper into your web application and browse through several controllers and methods, you will encounter a "page not found" page if you log out somewhere in the middle of the page with a controller other than admin.

To solve this problem, add the construct method, like the code below, at the beginning of all the controllers' constructs, and then you will be able to log out from anywhere with session destroy:



public function __construct()
{
    parent::__construct();
    if(! $this->session->userdata('admin_id')){
        return redirect('login_controller');//your login controller which have login page as view in index function//
    }
} 
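
Added example, not code from the question or any of the answers: a shared base controller that combines the constructor login check shown in the answers with the no-cache headers from the question, so the check does not have to be copied into every controller. It assumes CodeIgniter's default `MY_` subclass prefix; `Dashboard` and the `dashboard` view are hypothetical names, and `auth` is the login route taken from the question.

```php
<?php
defined('BASEPATH') OR exit('No direct script access allowed');

// File: application/core/MY_Controller.php
// Base class for every page that requires a login (dashboard, admin, ...).
// The login controller itself keeps extending CI_Controller so it stays reachable.
class MY_Controller extends CI_Controller
{
    public function __construct()
    {
        parent::__construct();
        $this->load->library('session');
        $this->load->helper('url');

        // Ask the browser not to keep a copy of protected pages, so the back
        // button has to request the page again instead of showing a saved copy.
        $this->output->set_header('Cache-Control: no-store, no-cache, must-revalidate');
        $this->output->set_header('Pragma: no-cache');

        // userdata() gives NULL (CodeIgniter 3) or FALSE (CodeIgniter 2) for a
        // missing item, so test for emptiness rather than comparing with FALSE.
        $logged_in = $this->session->userdata('logged_in');
        if (empty($logged_in)) {
            // redirect() sends the Location header and stops the request, so no
            // protected method runs with a destroyed session.
            redirect('auth'); // login route from the question
        }
    }
}

// File: application/controllers/Dashboard.php (hypothetical controller name)
class Dashboard extends MY_Controller
{
    public function index()
    {
        // Only reached with a live session; no per-method check is needed here.
        $this->load->view('dashboard'); // hypothetical view name
    }
}
```

With this in place, a request for the dashboard after logout (through the back button or by typing the URL) is answered with a redirect to the login form rather than a page full of errors.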
