Our user authentication system makes use of cookies and $_SESSION variables to determine logged-in status. Every page tests for the presence of a user_id $_SESSION variable and a user_auth cookie:
if(!isset($_SESSION['user_id']) || !isset($_COOKIE['user_auth'])){
// send user through login
}
and sends the user through the login process if they’re not found. The logout button loads the following page:
<?php
session_start();
setcookie('user_auth','',time()-360000,'/','domain.com');
session_unset();
session_destroy();
header("location: http://home.domain.com");
?>
In Firefox, logging out and then pressing the back button sends the user back through the login process. However, in IE6 these values are retained and the user is able to access the page again. The values are definitely being destroyed as reloading the page sends the user back through the login process, but I’d obviously prefer IE6 to send the user straight back to login as Firefox does. I have tried using no-cache and revalidate headers, to no avail.
(Before it’s suggested, using Firefox/Safari/Chrome/IE8 is not an available option.)
It’s not caching the cookie values, it’s caching the pages themselves. If you want that not to happen, you could disable the cache by using headers.
Depending on your content, you might also want to have the usual “please clear the cache and close the window” thing on your log-out message page.
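The header approach from the answer above, as an added example that is not part of the original thread: a guard to include at the top of every protected page, plus a logout routine that also expires the session cookie. The function names and `LOGIN_URL` are assumptions; the cookie name, domain and redirect target are the ones from the question.

```php
<?php
// Added example, not the original poster's code. LOGIN_URL is an assumed path.
const LOGIN_URL = '/login.php';

// Tell browsers and intermediaries not to keep a copy of this response,
// so the back button has nothing to redisplay after logout.
function send_no_store_headers(): void
{
    header('Cache-Control: no-store, no-cache, must-revalidate, max-age=0');
    header('Pragma: no-cache');                       // HTTP/1.0 clients and proxies
    header('Expires: Thu, 01 Jan 1970 00:00:00 GMT'); // already expired
}

// Call at the top of every protected page, before any output is sent.
function require_login(): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    // Sent after session_start() so these values replace PHP's session cache headers.
    send_no_store_headers();
    if (!isset($_SESSION['user_id']) || !isset($_COOKIE['user_auth'])) {
        header('Location: ' . LOGIN_URL);
        exit; // stop here so no protected markup follows the redirect
    }
}

// Logout: clear server-side state and both cookies, then redirect.
function logout(): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    $_SESSION = [];
    // Expire the session cookie with the same parameters it was set with.
    $p = session_get_cookie_params();
    setcookie(session_name(), '', time() - 360000,
              $p['path'], $p['domain'], $p['secure'], $p['httponly']);
    setcookie('user_auth', '', time() - 360000, '/', 'domain.com');
    session_destroy();
    send_no_store_headers();
    header('Location: http://home.domain.com');
    exit;
}
```

The headers only affect responses served after they are added; copies of pages a browser cached earlier remain until they are evicted or the cache is cleared.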