登录和注销都很好,但从页面注销后,我仍然可以访问该页面,例如在url中,如果我使用codeigner_try/index.php/Home/backend,它将显示不应该发生的页面,我的意思是说,它应该只在我使用用户名和密码登录时显示。我在这里面临什么问题,有人能指导我吗?
这是我的Controller.php
//-------this is Login method --------
public function login()
{
if($this->input->post('login'))
{
$username=$this->input->post('username');
$password=md5($this->input->post('password'));
$query=$this->db->query("select * from login where username='".$username."' and password='$password'");
$row = $query->num_rows();
if($row)
{
$newdata=array(
'username' => $this->input->post('username'),
'password' => md5($this->input->post('password')),
'is_logged_in'=>TRUE
);
$this->session->set_userdata($newdata);
redirect('Home/Backend');
}
else
{
$data['error']="<h3 style='color:red'>Invalid login details</h3>";
}
}
$this->load->view('login',@$data);
}
//---------this is Logout method --------
public function logout()
{
$this->session->unset_userdata($newdata);
$this->session->sess_destroy();
redirect('Home/login');
}
//-------Backend page---------
public function Backend()
{
$this->load->view('backend');
}
希望这将帮助您:
你的logout方法应该是这样的:
public function logout()
{
$this->session->sess_destroy();
redirect('Home/login');
}
你的Backend应该是这样的:你必须在所有控制器中检查它
public function Backend()
{
if (! $this->session->userdata('is_logged_in')) redirect('Home/login');
$this->load->view('backend');
}
更多信息:https://www.codeigniter.com/user_guide/libraries/sessions.html#destroying-a会话
unset_userdata((可以通过传递会话密钥来删除它。
因此,注销功能将像这样更改。
public function logout()
{
$this->session->unset_userdata('username');
$this->session->unset_userdata('password');
$this->session->unset_userdata('is_logged_in');
/*
Or
$array_items = array('username' , 'password' , 'is_logged_in');
$this->session->unset_userdata($array_items);
*/
$this->session->sess_destroy();
redirect('Home/login');
}