0
Good afternoon, Folks.
This is the following I am developing an academic system, where a user through login and password accesses the area corresponding to his permission, after using it must click on logout or close the window. only that when logging out the pages continue to be accessed by the back button of the browser, I need them to be inaccessible, being accessed again through login.
Can someone help me with this.
You need to better explain how you implemented this access control logic. But basically you need to save the logged in user to the session, and check if this data exists in the session before loading each restricted page.
– bfavaretto
bfavaretto,is the following the user logs in and is directed to a specific page, and he browses through the system pages when returning to the home page he logs out, if confiro really session has been destroyed but visited pages are still accessible by browser button.
– Everson Borges
Put the code where it initializes and destroys the session...
– MagicHat
I don’t know how you implemented your sessions. At each request start you should check whether the user is logged in or not, and when not, redirect to the login. On logout, the ideal is to send a POST to the logout page, and then redirect the user to a page (using GET even). A similar question https://stackoverflow.com/questions/8354787/how-to-avoid-user-get-into-the-login-session-even-after-logging-out-by-clicking
– Renan Cavalieri
@Magic Hat where I put the code
– Everson Borges
@Leocaracciolo where I call this function
– Everson Borges
you don’t have to do anything but paste the code on the page, the function call is already at the end of the code
– user60252
Inside your question has a [edit] link, click copy your code and paste, then select only your code and click the keys
{}for formatting...– MagicHat