logout.php is not working second time -
i have 1 problem logout.php . problem second time logout. example, user has 2 accounts on website. user loged in first account , click loged out ok. when logged in second account click loged out logout.php not work. can me here please..
here session.php
<?php $session_uid=$_session['uid']; // session private if(!empty($session_uid)) { $uid=$session_uid; $login='1'; } else if($_get['username'] || $_get['msgid']) { $uid=$wall->user_id($username); $login='0'; } else { $url=$base_url.'index.php'; header("location:$url"); } ?> and here login.php code:
<?php ob_start(""); error_reporting(0); include_once 'includes/db.php'; include_once 'includes/user.php'; session_start(); $session_uid=$_session['uid']; if(!empty($session_uid)) { header("location:main.php"); } $user = new user(); //login $login_error=''; if($_post['user'] && $_post['passcode'] ) { $username=$_post['user']; $password=$_post['passcode']; if (strlen($username)>0 && strlen($password)>0) { $login=$user->user_login($username,$password); if($login) { $_session['uid']=$login; header("location:main.php"); } else { $login_error="<span class='error'>wrong password or username!</span>"; } } } //registration $reg_error=''; if($_post['email'] && $_post['username'] && $_post['password'] ) { $email=$_post['email']; $username=$_post['username']; $password=$_post['password']; if (strlen($username)>0 && strlen($password)>0 && strlen($email) ) { $reg=$user->user_registration($username,$password,$email); if($reg) { $_session['uid']=$reg; header("location:main.php"); } else { $reg_error="<span class='registererror'>username or email exists.</span>"; } } } ?> and logout.php code:
<?php error_reporting(0); session_start(); $_session['uid']=''; if(session_destroy()) { $url=$base_url.'index.php'; //header("location: $url"); echo "<script>window.location='$url'</script>"; } ?>
because decided echo "<script>window.location='$url'</script>"; instead of header("location: $url"); logout.php being cached in browser. on second click, not hitting server.
you should redirect on server-side, not in javascript. if (1) don't print anything, (2) return location header, (3) redirect regardless of whether session_destroy() returns true or false, browser should not cache page, , should not have problem.
of course page being redirected have been cached, set no-cache headers on pages should protected login cached version not displayed browser when user logged out.
Comments
Post a Comment