Hi All. I am using PHPRunner Enterprise 10.5. My application has started behaving strangely on session timeout and successful logout.
In the past, on session timeout, user activity would trigger a divert to the login page. And of course user-initiated logout would also lead to the login page.
Now, on session timeout, the user can continue viewing data and navigating between menus, although there is no user logged in (Login link displays 'Login'). Equally, a hard logout simply displays data without a logged in user. Fortunately, the data cannot be viewed unless there was a previous successful login.
I have mitigated the problem slightly by forcing a redirect to the login page in the After logout event :
session_unset(); header("Location: <a href='https://[website]/login.php'>https://[website]/login.php</a>;");But even this does not work every time, and it doesn't catch the session timeout case.
How can behaviour on session timeout or successful logout be messed up in development? How can it be corrected?
Thanks in advance for any and all help.