PHP Session

fdost

I am using php session in php 4.3.1 and iis5.0.
There is a login page that user can enter name and password, and then all teh other page. if the session is expired or i log out. I can still get access to the session by clicking the back button n many times and refreshing the page. After trying it many times, i found out that I can only get back to the logged session if i go back to the page right after the login page(where the login data was posted and the script that validates teh data and sets session variables). Has anyone else experienced this? Any idea what i should do?
I tried unset($SESSION), unset($POST) and destroy_session();

thanks

farzana

xeq

If you go back to the page the session was created and the the submitted data is still stored (e.g. in the url) when you reload the page, the data will be validated once again and a new session will be created.

fdost

Thanks for your replay...but don't you think that is a bug?
I am using POST, this means that if someone else uses my computer after me using my site...they will be able to access my site with my leftover or whatever data.

I also added the meta tag no cache in my login and other files. and reset the POST variable.
There has to be a way around this, otherwise PHP session management can be dangerous.

Any suggestions????