Back button - working after Logout

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
francisrobinson
Forum Newbie
Posts: 1
Joined: Thu Jun 09, 2005 6:32 am

Back button - working after Logout

Post by francisrobinson »

Dear Friends,

I am having a problem with back button in the PHP project. I have logged out (destroyed the sessions) after that when I click on Back button in browser, it's going to the previous page.But It suppose to don't go to the page.Because I have given session validation there.I am using IE5.0..

Any one pls send a reply to solve my problem..

thanks,
Francis
User avatar
shiznatix
DevNet Master
Posts: 2745
Joined: Tue Dec 28, 2004 5:57 pm
Location: Tallinn, Estonia
Contact:

Post by shiznatix »

post your code
Syranide
Forum Contributor
Posts: 281
Joined: Fri May 20, 2005 3:16 pm
Location: Sweden

Post by Syranide »

try pressing F5 (refreshing the page), it is very likely that you are just watching a cached page.
User avatar
pickle
Briney Mod
Posts: 6445
Joined: Mon Jan 19, 2004 6:11 pm
Location: 53.01N x 112.48W
Contact:

Post by pickle »

Ya, you're just viewing a cached page. However, that's likely still going to be a problem for you as that cached page might contain sensitive information.

In my experience, sending these 3 headers stops all caching:

Code: Select all

header("Cache-control: no-cache");
header("Pragma: no-cache");
header("Expires: 0");
Real programmers don't comment their code. If it was hard to write, it should be hard to understand.
User avatar
Burrito
Spockulator
Posts: 4715
Joined: Wed Feb 04, 2004 8:15 pm
Location: Eden, Utah

Post by Burrito »

sending those headers should definitely help.

another thing I do as a failsafe (only works if they have js enabled) is add a history.forward() so they simply "can't" go back.

ie:

Code: Select all

<? if(isset($logout)){
unset($_SESSION['var']);
//continue unsetting the session vars...
?>
<script>

window.history.forward(1);
location = "login.php";

</script>
<?} // end if for need to log out ?>
User avatar
anjanesh
DevNet Resident
Posts: 1679
Joined: Sat Dec 06, 2003 9:52 pm
Location: Mumbai, India

Post by anjanesh »

For cache :

Code: Select all

header('Cache-Control: no-store, no-cache, must-revalidate, pre-check=0, post-check=0, max-age=0');
For logging out - destroy all session traces - including those stored in cookies if any.

Code: Select all

session_start();
session_unset();
$_SESSION = array();
session_destroy();
setcookie(session_name(),"",0,"/"); // Destrying Session info from user's PC
Post Reply