Page 1 of 1

Back button - working after Logout

Posted: Thu Jun 09, 2005 6:40 am
by francisrobinson
Dear Friends,

I am having a problem with back button in the PHP project. I have logged out (destroyed the sessions) after that when I click on Back button in browser, it's going to the previous page.But It suppose to don't go to the page.Because I have given session validation there.I am using IE5.0..

Any one pls send a reply to solve my problem..

thanks,
Francis

Posted: Thu Jun 09, 2005 7:11 am
by shiznatix
post your code

Posted: Thu Jun 09, 2005 7:25 am
by Syranide
try pressing F5 (refreshing the page), it is very likely that you are just watching a cached page.

Posted: Thu Jun 09, 2005 10:27 am
by pickle
Ya, you're just viewing a cached page. However, that's likely still going to be a problem for you as that cached page might contain sensitive information.

In my experience, sending these 3 headers stops all caching:

Code: Select all

header("Cache-control: no-cache");
header("Pragma: no-cache");
header("Expires: 0");

Posted: Thu Jun 09, 2005 10:40 am
by Burrito
sending those headers should definitely help.

another thing I do as a failsafe (only works if they have js enabled) is add a history.forward() so they simply "can't" go back.

ie:

Code: Select all

<? if(isset($logout)){
unset($_SESSION['var']);
//continue unsetting the session vars...
?>
<script>

window.history.forward(1);
location = "login.php";

</script>
<?} // end if for need to log out ?>

Posted: Thu Jun 09, 2005 11:00 am
by anjanesh
For cache :

Code: Select all

header('Cache-Control: no-store, no-cache, must-revalidate, pre-check=0, post-check=0, max-age=0');
For logging out - destroy all session traces - including those stored in cookies if any.

Code: Select all

session_start();
session_unset();
$_SESSION = array();
session_destroy();
setcookie(session_name(),"",0,"/"); // Destrying Session info from user's PC