destroying session??

mailtome · 2004-08-03T11:09:26+00:00

Hi I have a simple login & logout script: login.php <?php session_start(); $SESSION["username"]=$POST["username"]; ?> logout.php <?php sessio...

destroying session??

mailtome

Hi
I have a simple login & logout script:

logout.php

<?php
session_start();
session_unset();
session_destroy();
?>

Now the problem:
When the user clicks the back button on the browser after the logout script, he appears to be logged in again.I think the browser caches the info. How can this be overcomed?? Please help.

fredouille

unset($_SESSION[username']);

mailtome

No ,
unset($_SESSION['username']);
doesnt works

TheBB

If you don't want the client browser to cache your pages, you can send a header that tells it not to. I don't remember excactly what the header looked like, though.

MarkR

You can't stop "back" from showing cached pages. But they won't be able to continue to other pages after they're logged out.

Mark

mailtome

But I want browser not to show cached pages.
Is there some way by which i can remove cached pages??

stevesweetland

you can set your page headers so they expire, but this can only be done BEFORE your session expires.

put this at the top of any page you dont want to be re-viewable, and once you exit the session, in theory, you shouldnt be able to go back to the page without re-posting data, and then (with ur security) logging in....

two functions iv found very helpful in my days of php devving :

function dontexpire(){
    Header("Expires: Mon, 26 Jul 2010 05:00:00 GMT");
    Header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");
    Header("Cache-Control: public");
};

function expire(){
    Header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");
    Header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");
    Header("Cache-Control: no-cache, must-revalidate");
    Header("Pragma: no-cache");
};

just call them at the top of your page, before you output any data.