I am using JavaScript to connect users to the homepage: after the processing page has finished loading, it sends the user to the homepage, welcome.html. But how do I end the session after they click the log out button? After signing out, if they hit back they still get back to welcome.html. I have tried disabling the back button in the browser, but that's not awesome. I just need to kill the session so that it won't get them back to welcome.html after they sign out; instead it should go back to the login page and require them to sign back in to access welcome.html. I am not using PHP or a DB to connect the user login, I am using JavaScript. I don't know if it could work, maybe with a few simple lines of PHP code or tags.

Here is my JavaScript code, which I use to connect the users:

JavaScript
function Login(FORM){
    var done=0;
    var username=document.login.username.value;
    username=username.toLowerCase();
    var password=document.login.password.value;
    password=password.toLowerCase();

    if (username=="jonson111" && password=="happy111") { window.location="HomeAccess_uche/processing.html"; done=1; }
    if (username=="wilsonqaz" && password=="open123qaz") { window.location="HomeAccess_wilson/processing.html"; done=1; }
    if (done==0) { alert("USERNAME OR PASSWORD IS NOT IN THE DATABASE PLEASE TRY AGAIN!"); }
}

I am using Dreamweaver, and yes, I know I will encrypt the Java codes so that users will not understand them, but I just need to end the session after they sign out. This has given me a hard time to figure out; I have searched everywhere in Google but found nothing. Can anyone help?

Thanks
Updated 17-Nov-13 6:04am
Comments
enhzflep 17-Nov-13 12:34pm    
Comment removed, re-posted as a solution.
Graham Breach 17-Nov-13 15:00pm    
Did you post this as a comment by mistake?
enhzflep 17-Nov-13 22:21pm    
Nah, it just turned out longer than I'd anticipated and I was so tired my eyes were falling out of my head when I wrote it. (Damn-you comment entry box for having such an unreasonably short max-height attribute set) I think it should probably be a solution too. I'll move it, thanks. :)

1 solution

(moved from a comment)

Hmmm. My my, where to start?

When used in the context of web-programming, a 'session' is a term that indicates that some data is persisted _on the server_ about the current connection to it. A session-variable is maintained by the server and may be used to store all kinds of things - in this case, it would be used to store a variable that may be checked against a value in a particular column of a DB table. If the user's current value is not the same as the one held in the database, it is safe to assume they are not logged in.

As it stands, the code above doesn't log a user into the site - it merely sets the current URL to be HomeAccess_uche/processing.html if the user enters "jonson111" and "happy111", or to HomeAccess_wilson/processing.html if the user enters "wilsonqaz" and "open123qaz".

The thing is though, without using a server-side language, there is nothing to stop anyone from just navigating to either of these URLs and seeing the same content that would be presented had the correct username/password combination been entered.

By using a server-side language, the browser can hold the contents of the session-variable I mentioned earlier. When asking for a page, the server can check if this matches the session-variable stored into the DB for any particular user. If it matches, the page appropriate for this user can then be presented. If it does not, a generic "You must log-in first" type of screen can be presented.

By only programming the client-side of the affair you have no means by which you can dynamically decide to refuse any particular client. All you can do is show the alert message and refuse to change the window.location field. But again, that still doesn't stop the user from entering a url of his/her choosing.

So, after the user hits logout and is (I presume) redirected to a particular page, pressing 'back' takes them back to the same url that showed the data that you want to control access to. Since there's nothing smart on the back-end, there's no change in behaviour - the page is simply served up as per usual.

There's a zillion and one register/login tutes around for ASP, ASP.NET and PHP (alphabetic ordering, I express no preference or 'better' option). Since you've mentioned PHP, why not download XAMPP and follow one of those tutes? You should have a functioning access-control system within an hour or two, hopefully also with an improved understanding of the uses and need for session-variables.

Never-mind the fact that reading the source of your current login page will expose the username/password combination 'needed' to gain access. Entirely insecure against all but the least proficient users.

Here's a single result from a google search - "php login tutorial". It makes some good points and I recommend you read and follow it, or at the very least, read it.

How to Create a Secure Login Script in PHP and MySQL

You can grab XAMPP here: XAMPP for Window/Linux/MacOS X/Solaris
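
The server-side check and logout described in this answer, as an added example that is not part of the original answer. It assumes PHP 7.3 or later and that the protected page is served as PHP (a welcome.php instead of welcome.html); the file name auth.php, the /login.php path and the 'userid' session key are illustrative.

```php
<?php
// auth.php - added example. File names, paths and the 'userid' key are assumptions.
// Protected page:  require 'auth.php'; require_login();   (before any output)
// logout.php:      require 'auth.php'; logout();
declare(strict_types=1);

function start_secure_session(): void
{
    session_set_cookie_params([
        'httponly' => true,   // cookie is not readable from JavaScript
        'secure'   => true,   // cookie is sent over HTTPS only
        'samesite' => 'Lax',
    ]);
    session_start();
}

function require_login(): void
{
    start_secure_session();
    // Tell the browser not to keep a copy, so Back after logout triggers a
    // fresh request (which then fails the check below) instead of a cached page.
    header('Cache-Control: no-store, no-cache, must-revalidate');
    header('Pragma: no-cache');
    if (empty($_SESSION['userid'])) {
        header('Location: /login.php');
        exit;
    }
}

function logout(): void
{
    start_secure_session();
    $_SESSION = [];                          // drop the server-side data
    if (ini_get('session.use_cookies')) {    // expire the session cookie in the browser
        $p = session_get_cookie_params();
        setcookie(session_name(), '', [
            'expires'  => time() - 42000,
            'path'     => $p['path'],
            'domain'   => $p['domain'],
            'secure'   => $p['secure'],
            'httponly' => $p['httponly'],
        ]);
    }
    session_destroy();                       // remove the session on the server
    header('Location: /login.php');
    exit;
}
```

Because the check runs on the server for every request, typing the URL directly or pressing Back after logout both end at the login page.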
Comments
Member 10403170 18-Dec-13 8:04am    
Thank you very much. Right now I have gotten the PHP login script to secure the user login and destroy the session, but the problem I am having right now is this: in the JavaScript login I have many users and can redirect them to a specific directory when they enter the user/pass, but in PHP it is so hard for me to figure out how to do that.

Here is my code, any help will be appreciated a lot:

You are already logged in Click Here To go back your account";

}
else {
    $form = "<form action='./login.php' method='post'>
<table>
<tr>
<td>Username:</td> <td><input type='text' name='user' /></td>
</tr>
</table>
<table>
<tr>
<td>Password:</td> <td><input type='password' name='password' /></td>
</tr>
</table>
<input type='submit' name='loginbtn' value='Login' />
</form>";

    if ($_POST['loginbtn']) {
        $user = $_POST['user'];
        $password = $_POST['password'];

        if ($user) {
            if ($password) {
                // connect.php is expected to open the MySQL connection
                require("connect.php");

                // Escape the username before it is placed inside the SQL string
                $user = mysql_real_escape_string($user);
                $password = md5(md5("agdagsjagsj".$password."77gggg77g7g7g"));

                $query = mysql_query("SELECT * FROM users WHERE username='$user'");
                $numrows = mysql_num_rows($query);
                if ($numrows == 1) {
                    $row = mysql_fetch_assoc($query);
                    $dbid = $row['id'];
                    $dbuser = $row['username'];
                    $dbpass = $row['password'];
                    $dbactive = $row['active'];

                    // Strict comparison: == would treat hashes such as "0e..." as numbers
                    if ($password === $dbpass) {
                        if ($dbactive == 1) {
                            $_SESSION['userid'] = $dbid;
                            $_SESSION['username'] = $dbuser;

                            header("Location: ./processing.php");
                            exit;
                        }
                        else
                            echo "INTERNET BANKING ACCESS IS CURRENTLY RESTRICTED, PLEASE CALL YOUR ACCOUNT OFFICER FOR ACTIVATION!. $form";
                    }
                    else
                        echo "Your Password is incorrect. $form";
                }
                else
                    echo "Your Username is not listed in our database. $form";

                mysql_close();
            }
            else
                echo "You enter no password. $form";
        }
        else
            echo "Please enter your username. $form";
    }
    else
        echo $form;
}

?>
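
One way to send each user to their own directory after a server-side login, as an added example that is not the poster's code. It assumes PHP 7.3 or later, a PDO connection, a `password` column holding a password_hash() value, and a hypothetical `home_dir` column in `users`; the directory names are taken from the JavaScript in the question.

```php
<?php
// Added example. Assumes PDO, password_hash() values and a hypothetical `home_dir` column.
declare(strict_types=1);

// Directories a user may be sent to; any other value from the DB is refused.
const ALLOWED_HOMES = ['HomeAccess_uche', 'HomeAccess_wilson'];

function authenticate(PDO $db, string $user, string $password): ?array
{
    // Prepared statement: the username is bound, never concatenated into the SQL.
    $stmt = $db->prepare('SELECT id, username, password, active, home_dir FROM users WHERE username = ?');
    $stmt->execute([$user]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if (!$row || !password_verify($password, $row['password'])) {
        return null;   // same result for unknown user and wrong password
    }
    if ((int)$row['active'] !== 1 || !in_array($row['home_dir'], ALLOWED_HOMES, true)) {
        return null;
    }
    return $row;
}

function login_and_redirect(PDO $db): void
{
    session_start();
    $user = $_POST['user'] ?? '';
    $pass = $_POST['password'] ?? '';
    $row  = (is_string($user) && is_string($pass)) ? authenticate($db, $user, $pass) : null;
    if ($row === null) {
        http_response_code(401);
        echo 'Login failed.';
        return;
    }
    session_regenerate_id(true);   // fresh session id after login (blocks session fixation)
    $_SESSION['userid']   = (int)$row['id'];
    $_SESSION['home_dir'] = $row['home_dir'];
    header('Location: /' . $row['home_dir'] . '/processing.php');
    exit;
}

// Call at the top of every page inside a user's directory: only the owner gets in.
function require_own_directory(string $dir): void
{
    session_start();
    if (($_SESSION['home_dir'] ?? null) !== $dir) {
        header('Location: /login.php');
        exit;
    }
}
```

The redirect alone protects nothing; the per-directory check is what stops one logged-in user from opening another user's pages by typing the URL.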

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)