User can back into password protected page ?

developer

Hello!

I do have:
-a password login page
-check password page(cookie is set here if password is correct)
-a main page
-and a logout page.( make cookie old here)

At the top of the main page there is a check if the session is active or not.

On the logout page I do have

setcookie("abcdef", "",time()-60);

But, after logout a user can still use the BACK button in the browser and see the main page( he can not do anything there since the cookie is cleaned out). 🙁

( I do understand that a session is probably better to use than a cookie, but that do not affect my problem here.)

Thankful for help.

drawmack

check out the no-cache pragma in html http://www.echoecho.com

also check out expiring pages in php http://www.php.net/manual/en

developer

Thanks for the help.

I found this helpful also, found it some minutes ago

http://piaas.net/tutorials/nocache.php