Hello,
I use session variables to restrict what a user can do until they log-in. When a user has logged-in, done what they need to, they can then click "logout". I then use the following to unregister any session variables and then destroy the session:
<?php
session_start();
session_unset();
session_destroy();
?>
It seems to work if I revisit the page explicity (i.e. via the Address Bar) but if I hit the "Back" button on my browser I can access past pages and do exactly what I want as though I were logged back in! Where have I gone wrong?
Any pointers greatly appreciated!
Jake
