redirect - After logout browser's back button into twenty sixteen theme profile

admin管理员组

文章数量:1122846

I have tried numerous ways to prevent the browser's back button from allowing someone from using it to go back into a visitors logged out profile. The codes I used were supposed to prevent the browser from caching data from the last page visited after logout. They don't work. Wordpress logs the visitor out once they click the logged out button, yes this portion wors. Unfortunately, you can see the last page visited by the person who was logged on. The session is destroyed but the cache still holds the info for the last page visited. If you click any link on the profile page you will be brought back to the login page. You were not supposed to have been able to leave this login page without logging in. What code can use to force the browser to delete the data in the cache so the someone can not view info from a loggedout profile. Javascript would pose a security risk. Yes, I know that you can not delete the browser's history, but there must be a secure code for this. Wordpress comes with file that destroys the session but I can't find that file in the twenty sixteen code. Also, these codes do not work:

  if(!isset($_SESSION['logged_in'])) : 
  header("Location: login.php");  

  unset($_SESSION['logged_in']);  
  session_destroy();   

Can you Pleeease help!!!

I have tried numerous ways to prevent the browser's back button from allowing someone from using it to go back into a visitors logged out profile. The codes I used were supposed to prevent the browser from caching data from the last page visited after logout. They don't work. Wordpress logs the visitor out once they click the logged out button, yes this portion wors. Unfortunately, you can see the last page visited by the person who was logged on. The session is destroyed but the cache still holds the info for the last page visited. If you click any link on the profile page you will be brought back to the login page. You were not supposed to have been able to leave this login page without logging in. What code can use to force the browser to delete the data in the cache so the someone can not view info from a loggedout profile. Javascript would pose a security risk. Yes, I know that you can not delete the browser's history, but there must be a secure code for this. Wordpress comes with file that destroys the session but I can't find that file in the twenty sixteen code. Also, these codes do not work:

  if(!isset($_SESSION['logged_in'])) : 
  header("Location: login.php");  

  unset($_SESSION['logged_in']);  
  session_destroy();   

Can you Pleeease help!!!

• redirect
• profiles
• cookies
• authentication
• logout

Share Improve this question edited Apr 15, 2017 at 13:29 cjbj 15k1616 gold badges4242 silver badges8989 bronze badges asked Apr 15, 2017 at 5:35 user117689user117689 1122 bronze badges

Add a comment  | 

2 Answers 2

Sorted by: Reset to default 0

You should use the built in WordPress function is_user_logged_in(), as well as several other WordPress functions:

if ( !is_user_logged_in() ) {
    wp_redirect( get_bloginfo( 'url' ) . '/index.php' );
    exit;
}

wp_redirect() handles the redirection for you. Please be aware that it does not exit automatically, so you should call it afterwards.

I also built in the WordPress Function for getting your URL - this may not be necessary in your case, as you just redirect to the front page.

Be sure that this function is called before any output is sent.

Not sure if this will help anyone.

But I was able to redirect my URL after logout in the URL parameters.

https://example.com/wp-login.php?action=logout&redirect_to=https://example.com/persona/

本文标签： redirectAfter logout browser39s back button into twenty sixteen theme profile