History Back Session Problem
Posted: Fri Sep 26, 2003 2:29 am
What have I done so far:
1) Login page with POST method for user and password
- $HTTP_POST_VARS['user']
- $HTTP_POST_VARS['pass']
2) Authorization page
- Verify if $_session['user'] and $_session['pass'] are already loaded
- Verify if $HTTP_POST_VARS['user'] and $HTTP_POST_VARS['pass'] are loaded
3) Logout page
- Unset and destroy all sessions and redirect to mainpage
Results:
a) if both $_session['user'] and $HTTP_POST_VARS['user'] are empty, that means the user accessed the authorization page directly: redirect to login page
b) if $HTTP_POST_VARS['user'] is set and $_session['user'] is unset, then I am verifying the account to see if he's allowed
c) if $_session['user'] is set, then he is authorized;
d) if logout is clicked, then redirect to a page where I unset the sessions and destroy them, then redirect to mainpage
My problem is:
Everything works out fine, but if the user logs out and then clicks the back button (history back), he will have access to the authorized area without a problem, and somehow the sessions come back like they were before. Can someone tell me what to do in the logout page so that, even if he clicks the back button, the session is not available anymore until he passes $HTTP_POST_VARS['user'] and $HTTP_POST_VARS['pass'] one more time?
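
In a flow like the one described in the post, a protected page can reappear on history-back in two ways: the browser shows a cached copy, or it re-sends the login POST to the authorization page, which then authorizes the user again under case b. The sketch below is an added example, not part of the original post, and shows one way to close both paths with a no-store cache header, a redirect after every POST, and a logout that expires the cookie as well as the server-side session. It assumes PHP 7.1 or later with `$_POST` and `$_SESSION` in place of `$HTTP_POST_VARS`; the file names, the `logout` form field and the demo account are hypothetical.

```php
<?php
// Added example, not the poster's code; plays the role of a hypothetical authorized.php.

// Constructed demo account; a real site would look the hash up in its user store.
function check_credentials($user, $pass): bool {
    $users = ['alice' => password_hash('constructed-password', PASSWORD_DEFAULT)];
    return is_string($user) && is_string($pass)
        && isset($users[$user]) && password_verify($pass, $users[$user]);
}

function redirect(string $to): void {
    header('Location: ' . $to, true, 303); // 303: browser follows with a GET
    exit;
}

function logout(): void {
    $_SESSION = [];                         // drop the data held for this request
    if (ini_get('session.use_cookies')) {   // expire the session cookie in the browser
        $p = session_get_cookie_params();
        setcookie(session_name(), '', time() - 42000, $p['path'], $p['domain'], $p['secure'], $p['httponly']);
    }
    session_destroy();                      // delete the server-side session data
    redirect('index.php');
}

session_start();
// Keep this page out of the browser cache so history-back has to ask the server.
header('Cache-Control: no-store, no-cache, must-revalidate');
header('Pragma: no-cache');
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    if (isset($_POST['logout'])) {          // case d (hypothetical "logout" form field)
        logout();
    }
    // Case b: credentials posted. Verify, then redirect so that the page left in
    // history is a GET and going back cannot re-send the user and password.
    $user = $_POST['user'] ?? null;
    $pass = $_POST['pass'] ?? null;
    if (!check_credentials($user, $pass)) {
        redirect('login.php');
    }
    session_regenerate_id(true);            // fresh session id at login
    $_SESSION['user'] = $user;              // keep the user name only, not the password
    redirect('authorized.php');
}
if (empty($_SESSION['user'])) {             // case a: no session, no POST
    redirect('login.php');
}
// Case c: a live session exists, so the user is authorized.
echo 'Welcome, ' . htmlspecialchars($_SESSION['user'], ENT_QUOTES, 'UTF-8');
```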