leatherback:

The problem still persists after the login - logout procedures.

Let's say User-A is quick enough to do the login. He sees the secure contents. Then he logs out. Now back to the login screen again. He leaves the computer. Then User-B comes to the computer and hits the Back button, boom! The secure contents are showing again without User-B submitting any login details. User-B doesn't even have to care about how quick he has to beat the login timer.

That's the problem.

EnVoid

    That doesn't make sense.

    How do you keep track of a person being logged in?
    If a person logs out, then, even with the back button, the user has to re-submit login details. Granted. These can be cached. So you add a variable in the submitted array, which is only valid for a few minutes. So after these minutes, the login procedure fails.

    J.

      leatherback:

      You are right. I believe the login details are being cached. That's why I tried the expiry approach:

      header ("Expires: Sun, 01 Nov 1970 00:00:00 GMT");  // Date in the past
      header ("Last-Modified: " . gmdate ("D, d M Y H:i:s") . " GMT");  // Always modified
      header ("Cache-Control: max-age=1, s-maxage=1, no-cache, must-revalidate");  // HTTP 1.1 
      header ("Pragma: no-cache");
      header("Cache-Control: max-age=1, s-maxage=1, no-cache, must-revalidate");
      session_cache_limiter("nocache");

      But that doesn't help either...

      What do you mean by adding a variable in the submitted array, which is only valid for a few minutes? I am pretty new to PHP. Please kindly explain in more detail.

      Thanks in advance.

      EnVoid

        The script I posted works for me with IE 6; it doesn't resubmit on the back button or ask if I want to resubmit the data, doesn't show any "protected" data, etc. So I don't know.

          Installer:

          Could it be something to do with the PHP and MySQL settings on the server, or the server's cache settings?

          If that's the case I'm afraid I have to give up...

          EnVoid

            Well, at least we tried to help. That's more than you can say for the other web sites you made multiple postings on.

              Installer:

              You are right, you guys have been very helpful. Thanks for your help. It is very much appreciated.

              I might have to think of other approaches to resolve the problem or simply give it up.

              One funny thing is, I tried logging out from this forum. It says all cookies cleared. But if I hit the Back button, I am logged in again!

              Same problem.

              Is it just me, or is everyone having the same problem too?

              EnVoid

                Installer.

                Try back+refresh, script shows the secure content. It re-logins the user.

                  EnVoid

                  As far as the forum login is concerned, it shows that you are in a logged-in state. But when you click on the secured area, it asks for the re-login.

                  Hope This helps.

                    joe2:

                    It re-logins the user.

                    As I said, it doesn't for me. I don't doubt it fails for others, I just don't know why.

                    EnVoid:
                    Good luck. Maybe someone else can help. I look forward to seeing you here again.

                    As for the forum cookies, you have to translate: "all cookies cleared" is pseudo-english for "some cookies cleared".

                      Hi envoid,

                      The following two lines I saw in another post. Don't know what they do, might help:

                      Header("Cache-Control: must-revalidate");
                      header('Cache-Control: public');
                      J.

                        Thank you guys, Installer, leatherback and joe2. You guys have been very helpful.

                        Wish I could work it out some day.

                        Cheers,
                        EnVoid

                          leatherback:

                          Header("Cache-Control: must-revalidate");
                          header('Cache-Control: public');

                          I have tried this before, but no luck.

                          Thanks again.

                          EnVoid
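
An added example, not code posted by anyone in this thread: a single-file PHP sketch that combines the three things discussed above, a `no-store` response header, a server-side session check on every request, and a redirect after the login POST so that Back or refresh has no form data to re-send. `check_credentials()` and the `demo` account are hypothetical placeholders.

```php
<?php
// Added example (not from the thread). check_credentials() and the demo
// account are hypothetical placeholders for a real user store.
declare(strict_types=1);
session_start();

// Sent on every response, before any output: ask the browser and any
// proxy not to keep a copy, so Back must go to the server again.
header('Cache-Control: no-store, no-cache, must-revalidate, max-age=0');
header('Pragma: no-cache');
header('Expires: 0');

function check_credentials(string $user, string $pass): bool
{
    // Constructed sample account; a real site looks up a stored hash.
    $stored = password_hash('example-password', PASSWORD_DEFAULT);
    return $user === 'demo' && password_verify($pass, $stored);
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    if (isset($_POST['logout'])) {
        // Logout: empty the session, expire its cookie, delete server-side data.
        $_SESSION = [];
        $p = session_get_cookie_params();
        setcookie(session_name(), '', time() - 3600, $p['path'], $p['domain'], $p['secure'], $p['httponly']);
        session_destroy();
    } else {
        $user = is_string($_POST['user'] ?? null) ? $_POST['user'] : '';
        $pass = is_string($_POST['pass'] ?? null) ? $_POST['pass'] : '';
        if (check_credentials($user, $pass)) {
            session_regenerate_id(true); // new session id after login
            $_SESSION['user'] = $user;
        }
    }
    // Post/Redirect/Get: the history entry becomes a GET, so Back or
    // refresh never re-sends the login form data.
    header('Location: ?', true, 303);
    exit;
}

if (!isset($_SESSION['user'])) {
    // The server decides on each request; nothing here depends on the cache.
    echo '<form method="post"><input name="user"><input name="pass" type="password">'
       . '<button>Log in</button></form>';
    exit;
}
echo 'Secure content for ' . htmlspecialchars($_SESSION['user'], ENT_QUOTES, 'UTF-8');
echo '<form method="post"><button name="logout" value="1">Log out</button></form>';
```

Because the protected output is produced only when `$_SESSION['user']` exists at request time, a Back navigation that reaches the server after logout gets the login form rather than the secure content.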

                            14 years later

                            We need a feature here that, if someone responds to a thread that's more than X days/weeks/months old, you get a pop-up asking if you really want to submit, and then if it's more than Y months/old it asks you again, and if more than Z months old asks you again... 🙂


                            I've asked that the necrobumping extension be added here... We have it WebDev and have it set to pop up on posts older than 30 days...

                            It's hard to tell if or how much it helps because we still see old posts...
