header("Cache-Control: no-store, no-cache, must-revalidate");
Where do I put this? Anywhere in the middle of the script it does nothing. Do I use it upon redirection, for instance somehow integrate it with Location:?
If so, what would it look like?
header("Location: http://site.com","Cache-Control: no-store, no-cache, must-revalidate");
or
header("Location: http://site.com,Cache-Control: no-store, no-cache, must-revalidate");
Thanks... I am trying to disallow people from pressing the "Back" button on top of their browser...
Advanced header tags and usage
I know it wasn't your question, but ...
Here's another vote against breaking the back button. I did it in my first application. Thought I had a great and wonderful reason for it, but it annoyed the users greatly and I'm still trying to undo some of that damage.
If you are worried about back button/reloads doing funny things in the database, the "right" thing to do is to develop some system, often using a "nonce", to make sure that only the first page view of a given instance of a page generates a "hit". A "nonce" means "not more than once".
One way of dealing with this (I'm not saying this is the best way, just an example):
Use your database auto increment/serial field to issue a unique id/nonce to each outgoing link within your site on each page view. On a page transition, check if the nonce is marked as used in your database. If it's used, simply display the page without re-entering the data. If it's not used, do the regular database work and then mark the nonce used (within a transaction if your DB supports it).
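The nonce scheme described in the reply above, as an added example that is not part of the original thread or the poster's own code. The table names (`nonces`, `hits`), the function names and the in-memory SQLite database are assumptions made for illustration; the check and the mark-as-used step are folded into one UPDATE so two simultaneous requests cannot both count as the first view.

```php
<?php
// Added example: hypothetical schema and helpers; in-memory SQLite stands in for the site's database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE nonces (id INTEGER PRIMARY KEY AUTOINCREMENT, used INTEGER NOT NULL DEFAULT 0)');
$db->exec('CREATE TABLE hits (id INTEGER PRIMARY KEY AUTOINCREMENT, nonce_id INTEGER NOT NULL)');

// Issue a fresh nonce for one outgoing link or form on this page view.
function issue_nonce(PDO $db): int
{
    $db->exec('INSERT INTO nonces (used) VALUES (0)');
    return (int) $db->lastInsertId();
}

// Run the database work only the first time a nonce is presented.
// Returns true if the work ran, false for a replay (Back, reload) or an unknown nonce.
function consume_nonce(PDO $db, int $nonce, callable $work): bool
{
    $db->beginTransaction();
    try {
        // Claim atomically: the UPDATE matches only an existing, unused nonce.
        $claim = $db->prepare('UPDATE nonces SET used = 1 WHERE id = ? AND used = 0');
        $claim->execute([$nonce]);
        if ($claim->rowCount() !== 1) {
            $db->rollBack();
            return false; // already used: just display the page
        }
        $work($db, $nonce);
        $db->commit();
        return true;
    } catch (Throwable $e) {
        $db->rollBack(); // the work failed, so the nonce stays unused
        throw $e;
    }
}

// Constructed stand-in for "the regular database work".
$record_hit = function (PDO $db, int $nonce): void {
    $db->prepare('INSERT INTO hits (nonce_id) VALUES (?)')->execute([$nonce]);
};

$nonce  = issue_nonce($db);                         // embedded in the link at render time
$first  = consume_nonce($db, $nonce, $record_hit);  // first page view
$replay = consume_nonce($db, $nonce, $record_hit);  // same link again via Back or reload
$count  = (int) $db->query('SELECT COUNT(*) FROM hits')->fetchColumn();
var_dump($first, $replay, $count);
```

Auto-increment ids are predictable, so where it matters who presents a nonce, store the issuing session alongside each row and match it in the same UPDATE.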