PHP Session Logout

mwhite

Hi,

I have a site that uses session variables to show that a user is logged in. When the user logs out the session variables are unset and the session destroyed. However if I step back using the browser back button I can still go back to the page prior to logout. How can I prevent this?

Thanks,

Malcolm

Roger_Ramjet

//--- LOG OUT button clicked --------------------------------------------------
if (isset($_REQUEST['log_out'])) {  

	// Unset all of the session variables.
	$_SESSION = array();

// If it's desired to kill the session, also delete the session cookie.
// Note: This will destroy the session, and not just the session data!
if (isset($_COOKIE[session_name()])) {
	setcookie(session_name(), '', time()-42000, '/');
}

// Finally, destroy the session.
session_destroy();
}
//--- END LOG OUT ------------------------------------------------------------

PS: I've used $_REQUEST as it covers both GET and POST, choose whichever suits you