Invalid unset Firefox

Unset Firefox invalid unset ($ _ SESSION ['user']);
Firefox is ineffective. Google is OK. I don't know why. does Firefox have any special requirements?
If Firefox F12 is used, security issues may occur. the system prompts "the password field appears on an insecure page (http. This is a security risk that may cause theft of user login creden ."
The user name and password submitted using POST, but iframe is used to obtain the php content for processing login. is this not safe?

Reply to discussion (solution)

The prompt "the password field appears on an insecure page (http. This is a security risk that may cause theft of user login creden ."
What is your secret ?? Going out? Is plaintext ,? Encrypted, easy to get? . Why not use https? Prompted .? Sentence? You can ignore it.

Yes? Name and password? Post to iframe? Face to Face ???? No? Not safe.

Unset ($ _ SESSION ['user']) no ?? ? In iframe? Face?

Unset ($ _ SESSION ['user'])
This sentence is directly written in a logout. php file,
Click "exit" to connect to this file. Firefox cannot cancel this session. google and 360 are normal.

I tested it with firefox.
A. php

B. php

Var_dump NULL is normal.

If it cannot be unset, run $ _ SESSION ['user'] = NULL;

Var_dump output is NULL
The reason is found. it turns out that Firefox does not refresh the page and js that determines the login status is not executed.
This is what is written in logout. php.
Unset ($ _ SESSION ['user']);
Echo "script history. go (-1) script";

Firefox rolled back. $ (document). ready (function () {} won't run the function.
Google will run

Look? Are you using firefox ?? Now .??? And everything is normal.

It's strange to have another Firefox.

I encountered this problem when I wrote the verification code class.
During window. onload, I refreshed the verification code image.
The verification code remains unchanged after Firefox submits the form, and IE refreshes
After checking the information, Firefox's kernel will save historical records for all tabs in the memory. when a rollback occurs, it only reads the memory and saves the js running status. The rollback of the IE kernel is like directly entering the address.

Echo "script history. go (-1) script";
Change to jump header ("Location: xx. php"); try

Sessions are stored on the server.
As long as the browser can pass the correct sessionid, the other will be irrelevant to the browser.

Unset ($ _ SESSION ['user']);
It is not allowed to cancel the session, but only deletes the uesr item from the session.
Obviously, this statement is executed with conditions, so you should check whether the deletion conditions are true.
The deletion conditions passed are related to the browser.

I encountered this problem when I wrote the verification code class.
During window. onload, I refreshed the verification code image.
The verification code remains unchanged after Firefox submits the form, and IE refreshes
After checking the information, Firefox's kernel will save historical records for all tabs in the memory. when a rollback occurs, it only reads the memory and saves the js running status. The rollback of the IE kernel is like directly entering the address.

Is there any solution to this problem?

Echo "script history. go (-1) script";
Change to jump header ("Location: xx. php"); try

This is normal ..

Sessions are stored on the server.
As long as the browser can pass the correct sessionid, the other will be irrelevant to the browser.

Unset ($ _ SESSION ['user']);
It is not allowed to cancel the session, but only deletes the uesr item from the session.
Obviously, this statement is executed with conditions, so you should check whether the deletion conditions are true.
The deletion conditions passed are related to the browser.

The deletion should be successful, because Firefox rollback is ineffective, but refresh it.

Is there any solution to this problem?

Use the php header Location or window. location. href as the 9th floor to prevent the program from falling back.
The user presses the backward button. that's his problem.

Use the header ('Location: '. $ _ SERVER ['http _ referer']).