HELP!!! session variables survives after logout!!!
Posted
by Alejandra
on Stack Overflow
See other posts from Stack Overflow
or by Alejandra
Published on 2010-05-19T14:59:07Z
Indexed on
2010/05/19
15:00 UTC
Read the original article
Hit count: 154
Hi guys!
I have a problem, will explain how to reproduce the problem:
1- login into my page (sesion variables set as $_SESSION['logged'] = true and $_SESSION['id'] = 123
2-then inside the main menu I click logout option, code like this
function logout()
{
session_start();
$_SESSION['id'] = null;
$_SESSION['logged'] = null;
unset($_SESSION);
session_destroy();
require_once('Views/SessionExpiredView.php');
}
3- In the session expired view I display a link the login page, there session is null
4- I click back on the browser and click ok to resend information
5- session becomes again $_SESSION['logged'] = true and $_SESSION['id'] = 123 and I'm loggued again and able to see all the information related to the id 123
This is a security issue and I don't know what is happening!!!
any suggestion will be deeply appreciated.
Alejandra
© Stack Overflow or respective owner