session - security issue: php login/logout script + back button -
I am using a login script that stores session value
$ _ Session ['Login' '] =' Yes'
On logout, when the user enters the correct user / password, this session value is set to an empty space. However users can back up and log back in for some time. I also tried $ _SESSION = array (); And session_destroy (); But with the same result.
Does they actually log back in, or do they reload pages only Cache? If it's only a cache, they will not be able to see the page that was not before, and they will not be able to see new data on your site.
If they are actually logging back in, then your login code is bad on each page on the login page and login page.
Comments
Post a Comment