Sunday, 15 June 2014

session - Cakephp does not expire page after logout -



session - Cakephp does not expire page after logout -

I am learning CakePHP and have written the example from the manual. The problem is the logout method of UsersController: when I press the logout link the application redirects to the login form, but the browser's back button lets me return to a page that requires an authenticated user, for example the "add posts" page.

source code

userscontroller.php

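<?php
/**
 * Users controller (CakePHP 2 blog tutorial): registration, login and logout.
 *
 * Only add() and logout() are reachable without being logged in; every other
 * action goes through AuthComponent (see beforeFilter()).
 */
class UsersController extends AppController {

    /**
     * Open registration and logout to unauthenticated visitors.
     */
    public function beforeFilter() {
        parent::beforeFilter();
        // Allow users to register and to log out without an existing login.
        $this->Auth->allow('add', 'logout');
    }

    /**
     * Registration form: creates a new User from the POSTed data.
     *
     * Redirects to index on success; otherwise re-renders the form with a flash message.
     */
    public function add() {
        if ($this->request->is('post')) {
            $this->User->create();
            if ($this->User->save($this->request->data)) {
                $this->Session->setFlash(__('the user has been saved'));
                return $this->redirect(array('action' => 'index'));
            }
            $this->Session->setFlash(__('the user not saved. please, seek again.'));
        }
    }

    /**
     * Edit an existing user.
     *
     * @param int|string|null $id Primary key of the user to edit.
     * @throws NotFoundException when no user with that id exists.
     */
    public function edit($id = null) {
        $this->User->id = $id;
        if (!$this->User->exists()) {
            throw new NotFoundException(__('invalid user'));
        }
        if ($this->request->is('post') || $this->request->is('put')) {
            if ($this->User->save($this->request->data)) {
                $this->Session->setFlash(__('the user has been saved'));
                return $this->redirect(array('action' => 'index'));
            }
            $this->Session->setFlash(__('the user not saved. please, seek again.'));
        } else {
            $this->request->data = $this->User->read(null, $id);
            // Never send the stored password (hash) back into the form.
            unset($this->request->data['User']['password']);
        }
    }

    /**
     * Delete a user. POST only, so a plain link or a prefetching crawler cannot trigger it.
     *
     * @param int|string|null $id Primary key of the user to delete.
     * @throws NotFoundException when no user with that id exists.
     */
    public function delete($id = null) {
        $this->request->onlyAllow('post');
        $this->User->id = $id;
        if (!$this->User->exists()) {
            throw new NotFoundException(__('invalid user'));
        }
        if ($this->User->delete()) {
            $this->Session->setFlash(__('user deleted'));
            return $this->redirect(array('action' => 'index'));
        }
        $this->Session->setFlash(__('user not deleted'));
        return $this->redirect(array('action' => 'index'));
    }

    /**
     * Login form. On success AuthComponent stores the user in the session; the id is
     * additionally kept under the 'userid' key, which PostsController::index() reads.
     */
    public function login() {
        if ($this->request->is('post')) {
            if ($this->Auth->login()) {
                $this->Session->write('userid', $this->Auth->user('id'));
                return $this->redirect($this->Auth->redirect());
            }
            $this->Session->setFlash(__('invalid username or password, seek again'));
        }
    }

    /**
     * Log the user out: drop the 'userid' key, destroy the whole session so nothing from
     * the authenticated session survives, then redirect to Auth's logoutRedirect.
     *
     * Destroying the session does not stop the browser from showing a cached copy of a
     * protected page via the Back button; that is handled by the Cache-Control headers
     * sent from AppController::beforeFilter().
     */
    public function logout() {
        $this->Session->delete('userid');
        $this->Session->destroy();
        return $this->redirect($this->Auth->logout());
    }
}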

postscontroller.php

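<?php
/**
 * Posts controller (CakePHP 2 blog tutorial).
 *
 * index and view are public (allowed in AppController::beforeFilter()); add, edit and
 * delete need a logged-in user, and edit/delete additionally need ownership of the post
 * (see isAuthorized()).
 */
class PostsController extends AppController {

    public $helpers = array('Html', 'Form');

    /**
     * Per-action authorization, consulted by AuthComponent's Controller authorizer.
     *
     * @param array $user The logged-in user record.
     * @return bool
     */
    public function isAuthorized($user) {
        // Any registered user can add a post.
        if ($this->action === 'add') {
            return true;
        }
        // Only the owner of a post may edit or delete it.
        if (in_array($this->action, array('edit', 'delete'), true)) {
            // Guard the missing-argument case instead of raising a notice on [0].
            $postId = isset($this->request->params['pass'][0])
                ? (int)$this->request->params['pass'][0]
                : 0;
            if ($this->Post->isOwnedBy($postId, $user['id'])) {
                return true;
            }
        }
        return parent::isAuthorized($user);
    }

    /**
     * List posts: a logged-in user sees only their own posts, a visitor sees all of them.
     */
    public function index() {
        if ($this->Session->read('userid')) {
            $this->set('posts', $this->Post->find('all', array(
                'conditions' => array('Post.user_id' => AuthComponent::user('id')),
            )));
        } else {
            $this->set('posts', $this->Post->find('all'));
        }
    }

    /**
     * Show a single post.
     *
     * @param int|string|null $id Primary key of the post.
     * @throws NotFoundException when $id is empty or no post matches.
     */
    public function view($id = null) {
        if (!$id) {
            throw new NotFoundException(__('invalid post'));
        }
        $post = $this->Post->findById($id);
        if (!$post) {
            throw new NotFoundException(__('invalid post'));
        }
        $this->set('post', $post);
    }

    /**
     * Create a post owned by the logged-in user; visitors are sent to the login form.
     */
    public function add() {
        if (!$this->Auth->loggedIn()) {
            return $this->redirect(array('controller' => 'users', 'action' => 'login'));
        }
        if ($this->request->is('post')) {
            // The owner is always the current user, never taken from the submitted form.
            $this->request->data['Post']['user_id'] = $this->Auth->user('id');
            $this->Post->create();
            if ($this->Post->save($this->request->data)) {
                $this->Session->setFlash(__('your post has been saved.'));
                return $this->redirect(array('action' => 'index'));
            }
            $this->Session->setFlash(__('unable add together post.'));
        }
    }

    /**
     * Edit a post. On GET the form is pre-filled from the stored record.
     *
     * @param int|string|null $id Primary key of the post.
     * @throws NotFoundException when $id is empty or no post matches.
     */
    public function edit($id = null) {
        if (!$id) {
            throw new NotFoundException(__('invalid post'));
        }
        $post = $this->Post->findById($id);
        if (!$post) {
            throw new NotFoundException(__('invalid post'));
        }
        if ($this->request->is(array('post', 'put'))) {
            $this->Post->id = $id;
            // NOTE(review): save() accepts every submitted field here, including user_id;
            // consider restricting it with save()'s fieldList argument.
            if ($this->Post->save($this->request->data)) {
                $this->Session->setFlash(__('your post has been updated.'));
                return $this->redirect(array('action' => 'index'));
            }
            $this->Session->setFlash(__('unable update post.'));
        }
        if (!$this->request->data) {
            $this->request->data = $post;
        }
    }

    /**
     * Delete a post. GET is rejected so a link or a prefetch cannot delete anything.
     *
     * @param int|string $id Primary key of the post.
     * @throws MethodNotAllowedException on GET.
     */
    public function delete($id) {
        if ($this->request->is('get')) {
            throw new MethodNotAllowedException();
        }
        if ($this->Post->delete($id)) {
            $this->Session->setFlash(__('the post id: %s has been deleted.', h($id)));
            return $this->redirect(array('action' => 'index'));
        }
        // A failed delete previously fell through without any feedback; mirror
        // UsersController::delete() and go back to the list with a flash message.
        $this->Session->setFlash(__('unable delete post.'));
        return $this->redirect(array('action' => 'index'));
    }
}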

appcontroller.php

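<?php
App::uses('Controller', 'Controller');

/**
 * Application Controller
 *
 * Add your application-wide methods in the class below; your controllers
 * will inherit them.
 *
 * @package app.Controller
 * @link http://book.cakephp.org/2.0/en/controllers.html#the-app-controller
 */
class AppController extends Controller {

    public $components = array(
        'Session',
        'Auth' => array(
            'loginRedirect' => array('controller' => 'posts', 'action' => 'index'),
            'logoutRedirect' => array('controller' => 'users', 'action' => 'login'),
            'authorize' => array('Controller'), // added line: use isAuthorized() of each controller
        ),
    );

    /**
     * Default authorization: admins may do anything, everyone else is denied unless a
     * controller overrides this method.
     *
     * @param array $user The logged-in user record.
     * @return bool
     */
    public function isAuthorized($user) {
        // Admin can access every action.
        if (isset($user['role']) && $user['role'] === 'admin') {
            return true;
        }
        // Default deny.
        return false;
    }

    /**
     * Runs before every action of every controller.
     *
     * The actions listed in allow() are reachable without a login in EVERY controller that
     * extends this class, not just the one they were meant for.
     */
    public function beforeFilter() {
        // Send no-cache headers so the browser re-requests protected pages instead of showing
        // a cached copy after logout (the Back button would otherwise display the old page).
        $this->response->disableCache();
        $this->Auth->allow('index', 'view', 'login', 'helloajax');
    }
}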

Please check the beforeFilter() function in AppController.

You have explicitly allowed these actions through AuthComponent:

// Quoted from AppController: every action named in allow() here is reachable without a login
// in every controller that extends AppController.
public function beforefilter() { $this->auth->allow('index','view','login','helloajax'); }

Please verify which actions you actually want to allow for unauthenticated visitors.

Since AppController is extended by every single controller in CakePHP, this turns out to allow unauthenticated users to access the index, view, login, etc. actions of every single controller you have created or will create.

session cakephp expired-sessions

