I'm having a problem with my PHP script. My access control is embedded into each page that requires authentication. If the user id/pwd is not set and the POST vars userid and pwd are not set, then I display the login form. The login form action simply reloads the "self" page, which will now have userid and pwd POST vars set.
My problem is that if you log off, then click the back button, Firefox (and probably IE too) asks if you want to re-post form data. If you click yes, then it just logs you right back in! Obviously a major security flaw! In the logout PHP page, I do this:
$_POST = array();
session_start();
session_unset();
$_SESSION = array();
session_destroy();
I'm not sure what I need to do to make it work the way I want. How do I get the browser to not let the user re-post form data when they go back?
Any help greatly appreciated!
Thanks
jdog
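
One way to address the re-post behaviour described in the question, as an added example that is not part of the original post: answer every login POST with a redirect (Post/Redirect/Get) so the page left in browser history is a GET, and tie the form to a single-use token held in the session so a replayed POST is rejected once the session has been destroyed. `check_credentials()`, the `login_token` field name and the demo account are hypothetical stand-ins for the site's own code.

```php
<?php
// Added example, not the poster's code. check_credentials() is a hypothetical
// stand-in for the site's own user lookup.
session_start();

function check_credentials(string $userid, string $pwd): bool
{
    // Constructed demo account; a real site verifies against a stored per-user hash.
    $demoHash = password_hash('demo-password', PASSWORD_DEFAULT);
    return $userid === 'demo' && password_verify($pwd, $demoHash);
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // The token is single-use: take it out of the session before checking it.
    $expected = $_SESSION['login_token'] ?? '';
    unset($_SESSION['login_token']);
    $userid = $_POST['userid'] ?? '';
    $pwd    = $_POST['pwd'] ?? '';
    $sent   = $_POST['login_token'] ?? '';

    if (is_string($userid) && is_string($pwd) && is_string($sent)
        && $expected !== '' && hash_equals($expected, $sent)
        && check_credentials($userid, $pwd)) {
        session_regenerate_id(true);      // new session ID once authenticated
        $_SESSION['userid'] = $userid;
    }
    // Always answer a POST with a redirect, so the entry in history is a GET.
    header('Location: ' . $_SERVER['SCRIPT_NAME'], true, 303);
    exit;
}

if (isset($_SESSION['userid'])) {
    header('Cache-Control: no-store');    // ask the browser not to keep a copy
    echo 'Logged in as ' . htmlspecialchars($_SESSION['userid']);
    exit;
}

// Not logged in: issue a fresh one-time token and show the form.
$_SESSION['login_token'] = bin2hex(random_bytes(32));
?>
<form method="post" action="<?= htmlspecialchars($_SERVER['SCRIPT_NAME']) ?>">
  <input type="hidden" name="login_token" value="<?= $_SESSION['login_token'] ?>">
  <input name="userid"> <input type="password" name="pwd">
  <button type="submit">Log in</button>
</form>
```

The logout page needs no change for this to work: destroying the session also discards any outstanding token, so credentials posted again after logout fail the token check and the user is shown the login form.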