History Back Session Problem

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
AndiOliver
Forum Newbie
Posts: 1
Joined: Fri Sep 26, 2003 2:29 am
Location: Giurgiu/Romania
Contact:

History Back Session Problem

Post by AndiOliver »

What have I done so far:
1) Login Page with post metod for user and password
- $HTTP_POST_VARS['user']
- $HTTP_POST_VARS['pass']
2) Autorization Page
- Verify if $_session['user'] is already loaded and $_session['pass']
- Verify if $HTTP_POST_VARS['user'] and $HTTP_POST_VARS['pass'] is loaded
3) Logout page
- Unset and destroy all sessions and redirect to mainpage

Results:
a) if both &_session['user'] and $HTTP_POST_VARS['user'] are empty that means the user accesed direct de autorization page redirect to login page
b) if $HTTP_POST_VARS['user'] is set and $_session['user'] is unset than
I am verifying the account to see if he's allowed
c) if $_session['user'] is set than he is authorized;
d) if logout click than redirect to a page where I unset the session and destroy themm than redirect to mainpage

My problem is:
Everything works out fine but if the user log out and than after this clicks back buton (history back) he will have the access to enter the authorized area without problem and somehow the sessions came back like they were before. Can someone tell me what to do in logout page that even if he clicks back buttons the session has to be not available anymore till he will pass one more time $HTTP_POST_VARS['user'] and $HTTP_POST_VARS['pass']?
:?:
Post Reply