Logoff doesn't work on protected page

By pgplast - October 4, 2021

I have a very simple page protected by Website Membership plugin. It alllows the logged in user access to links for certain private files along with links to logoff.

The logoff links do redirect to the logoff url set in the plugin code, but the user can still browse directly back to the page and see its contents. Only a forced refresh of the browser cache will once again present the user with the login form. I have seen similar behavior in shared hosting environments when the server is set with expires headers that cache pages. However, this dedicated server is not set with any caching directives, so I don;' know what is going on.

The simple code is as follows:

<?php header('Content-type: text/html; charset=utf-8'); ?>

// load viewer library
$libraryPath = 'cmsCSoft/lib/viewer_functions.php';
$dirsToCheck = ['','../','../../','../../../','../../../../']; // add if needed: '/home/mdwoundconsult/public_html/'
foreach ($dirsToCheck as $dir) { if (@include_once("$dir$libraryPath")) { break; }}
if (!function_exists('getRecords')) { die("Couldn't load viewer library, check filepath in sourcecode."); }

if (!$CURRENT_USER) { websiteLogin_redirectToLogin(); }

$user_num = $CURRENT_USER['num'];
$doctor_name = "Dr. ".$CURRENT_USER['last_name'];

// load records from 'doctor_paychecks'
list($doctor_paychecksRecords, $doctor_paychecksMetaData) = getRecords(array(
'tableName' => 'doctor_paychecks',
'loadUploads' => true,
'allowSearch' => true,
'where' => 'doctor='.$user_num,

?><!DOCTYPE html>
<html lang="en">
<meta charset="utf-8">
<link href="css/general.css" type="text/css" rel="stylesheet"/>

<h3><?php echo $doctor_name;?> Paychecks</h3>
<div class="dotted_div"></div>
<p>From this page archive you may obtain paycheck accounting files from Wound Physician. <br/>When you are done reviewing your files, be sure to <a href="?action=logoff">log out here</a> for security. </p>
<div class="add_height_20"></div>

<?php foreach ($doctor_paychecksRecords as $record): ?>

<p> Doctor: <?php echo $record['doctor:label'] ?><br>
Pay Date: <?php echo date("D, M jS, Y", strtotime($record['pay_date'])) ?></p>

<?php foreach ($record['paycheck'] as $index => $upload): ?>
<a href="<?php echo htmlencode($upload['urlPath']) ?>">Download Paycheck Accounting</a>

<?php endforeach ?>

<div class="dotted_div"></div>
<?php endforeach ?>

<div class="add_height_20"></div>
<p><a href="?action=logoff">Log Out</a></p>

<?php if (!$doctor_paychecksRecords): ?>
No paychecks were found!<br><br>
<?php endif ?>



Any help is much appreciated.


By pgplast - October 26, 2021

This problem was finally solved by modifying expires headers on server.

By Michael - October 27, 2021

Great!  Glad to hear you were able to got it sorted out.

Michael Sams