codeigniter会话问题 [英] Codeigniter session problems

问题描述

我使用的是真棒 codeigniter认证库离子权威性创建用户身份验证在我的codeigniter申请，认证工作正常，但是当我注销，然后点击后面的浏览器，我可以经历的一切，我在我的应用程序访问过的引起关注断言用户隐私，但如果该页面的按钮我尝试刷新它承认我注销页面。我怎么能强制浏览器重新加载当用户单击后退浏览器的按钮？如何解决这个问题的任何建议将AP preciated ..

I've created user authentication using an awesome codeigniter authentication library ion auth in my codeigniter application, the authentication works fine but when i logout and click back button of the browser i can go through all the pages that i've visited in my application which raise concern aver user privacy but if i try to refresh the page it recognises that I'm logged out. How can i force the browser to reload when a user click back button of the browser? Any suggestion on how to solve this problem will be appreciated..

修改

控制器登出功能

function logout() {
    //log the user out
    $logout = $this->ion_auth->logout();

    //redirect them back to the page they came from
    redirect('auth', 'refresh');
}

这是从离子AUTH

public function logout() {
    $this->ci->ion_auth_model->trigger_events('logout');

    $identity = $this->ci->config->item('identity', 'ion_auth');
    $this->ci->session->unset_userdata($identity);
    $this->ci->session->unset_userdata('group');
    $this->ci->session->unset_userdata('id');
    $this->ci->session->unset_userdata('user_id');

    //delete the remember me cookies if they exist
    if (get_cookie('identity')) {
        delete_cookie('identity');
    }
    if (get_cookie('remember_code')) {
        delete_cookie('remember_code');
    }

    $this->ci->session->sess_destroy();

    $this->set_message('logout_successful');
    return TRUE;
}

我使用codeigniter 2.0.3

I'm using codeigniter 2.0.3

感谢名单提前..

推荐答案

很可能他们实际上注销（如你所说，提神导致他们出现注销）。这是可能的浏览器缓存，从而显示表明它们已经登录，但不会重新载入他们注销后的HTML。

Chances are they are in fact logged out (as you say, refreshing causes them to appear logged out). It is likely that the browser has cached the HTML which is displayed indicating they're logged in but doesn't reload it after they're logged out.

您可以设定已登录通过设置的Cache-Control 头与上没有缓存信息的页面。

You can set the pages which have login related information on to no cache by setting the Cache-Control header.

这可以用HTML实现

<META Http-Equiv="Cache-Control" Content="no-cache">
<META Http-Equiv="Pragma" Content="no-cache">
<META Http-Equiv="Expires" Content="0">

或PHP

header("Cache-Control: no-cache, must-revalidate"); // HTTP/1.1
header("Expires: Sat, 26 Jul 1997 05:00:00 GMT"); // Date in the past

您也可以实现哈克并不可取清除用户的使用下列code特定窗口的历史。这将需要被发送到浏览器的注销功能的一部分，并且如果用户已禁用JavaScript是行不通的。

You can also implement the hacky and inadvisable clearing the user's history for that particular window using the following code. This would need to be sent to the browser as part of the logout functionality and would not work if the user has javascript disabled.

<script language="javascript"> 
     var Backlen=history.length;   
     history.go(-Backlen);   
     window.location.href=page url
</SCRIPT>

这篇关于codeigniter会话问题的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！