I will explain how to reproduce my problem: Log into my page: session variables

Question

0

Editorial Team

Asked: May 14, 20262026-05-14T21:57:55+00:00 2026-05-14T21:57:55+00:00

I will explain how to reproduce my problem: Log into my page: session variables

0

I will explain how to reproduce my problem:

Log into my page: session variables are set as $_SESSION['logged'] = true and $_SESSION['id'] = 123.

Inside the main menu, click the log out option. The code is like this:

function logout()
{
    session_start();
    $_SESSION['id'] = null;
    $_SESSION['logged'] = null;

    unset($_SESSION);

    session_destroy();

    require_once('Views/SessionExpiredView.php');
}

In the session expired view I display a link to the login page; there, the session is null.
I click back on the browser, and click OK to resend information.
The session becomes again $_SESSION['logged'] = true and $_SESSION['id'] = 123 and I am logged in again and able to see all the information related to the ID 123.

This is a security issue and I don’t know what is happening.

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team · Answer 1 · 2026-05-14T21:57:56+00:00

Editorial Team

2026-05-14T21:57:56+00:00Added an answer on May 14, 2026 at 9:57 pm

Step 4: You click back and click “Resend information” — that means that you have resent your previous POST information (apparently the login and the password) — so nothing unusual.

A hint: just make a redirect after logging the user in.

0

Reply
Share
Share

- Report

Sign Up

Sign In

Forgot Password

The Archive Base Latest Questions

I will explain how to reproduce my problem: Log into my page: session variables

Leave an answerCancel reply

1 Answer

Leave an answer
Cancel reply