Hi,
I have an application that uses sessions to allow customers to access a restricted
area. That is, they are prompted for a user login and password. I then use sessions
to track each customer. At the top of each page, I have placed the following PHP code:
session_cache_limiter('Cache-control: private');
session_start();
Everything works fine. However, I have a logout link that when clicked, runs the
following PHP code (where userid is the login name):
session_cache_limiter('nocache');
if (isset($HTTP_SESSION_VARS['userid'])) {
$HTTP_SESSION_VARS['userid'] = '';
session_unregister($HTTP_SESSION_VARS['userid']);
}
session_unset();
session_destroy();
Header('Location: ' . 'http://www.lclnav.com' . $globals->relative_path .
'customerlogin_standard.html');
I think the above is all that is needed to end the session. I use the Header()
function to take the user back to the login page.
Here is my question: Once I click on the "logout" link and am taken back to the main
login page, I can click on the browser BACK button and still get my previous page 'as
if I was still logged in'. Please note that clicking on REFRESH tells me that I am
not really logged in.
I know that browsers cache pages and there may not be anything I can do, however, I
have seen sites that seem to work around this; i.e.., clicking on the back button
loads a pages telling the user that they are no longer logged in. This is what I want
to emulate. Is there a PHP method to always force a reload the first time a page is
called?
Thanks,
Don
---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.443 / Virus Database: 248 - Release Date: 1/10/2003
