Destroy session on navigate away?

Chris_96_WS6

Trying to figure out how to prevent a user from using the "back" button to go back into an application after they have navigated away.

Right now the session isn't destroyed until the browser is closed.

wilku

"navigated away" - what do you mean by that?
The proper way to leave an application that require logging in to see restricted information, is to log out (where you can call [man]session_destroy[/man]). If user walks out of a page without it, session data is preserved. You can control for how long a session cookie is kept by the browser with [man]session_set_cookie_params[/man], to make sure that after lets say after 15 minutes of inactivity session is ended.
There is some body onLoad counterpart (onUnload?) in javascript, where you can trigger some action on leaving the page (I've seen something like this done on my online banking page - when you try to leave without logging out - it gives you a msgbox and logs you out, but I didn't checked how it works)

Chris_96_WS6

Thanks, that's a good direction at least. I do have a log out, but trying for security reasons to prevent "go backs" by unathorized folks in case the user is negligent enough to leave his/her browser up.

Seems pretty obvious after having thought about it all day it would probably have to be a client side action.

OwenTheSamoan

You may want to try a little javascript. I found that this will erase from history the page the person was on and will not let him or her back space into it again