As part of this php login and redirect software I have a piece of code I need to add to the beginning of every page to be secured.
It lets a user on perfectly if they have valid user login information, but if they go to another ‘secured’ page and attempt to revisit the original page (or just copy and paste its address in a new tab to visit) it goes to a denied access screen.

Does this error occur because theres something wrong with the session cache headers or is it some deeper problem?

It currently looks like this:

 <?php
session_start();
session_cache_limiter();
header("Expires: Sat, 01 Jan 2000 00:00:00 GMT");
header("Last-Modified: ".gmdate("D, d M Y H:i:s")." GMT");
header("Cache-Control: post-check=0, pre-check=0",false);

require('config.php');

require('functions.php');

//this is group name or username of the group or person that you wish to allow access     to
// - please be advise that the Administrators Groups has access to all pages.
if (allow_access(Users) != "yes")
{
include ('/home/folder/public_html/members/no_access.php');
exit;
}
?>

I’ve tried changing the headers from other people’s questions etc but it doesnt change the problem. I’ve also looked at any relevant links and made sure they are not broken etc.

The allow access function seems to be this:

function allow_access($group)
{
        if ($_SESSION[group1] == "$group" || $_SESSION[group2] == "$group" || $_SESSION[group3] == "$group" ||
                $_SESSION[group1] == "Administrators" || $_SESSION[group2] == "Administrators" || $_SESSION[group3] == "Administrators" ||
                $_SESSION[user_name] == "$group")
                {
                        $allowed = "yes";
                }else{
                        $allowed = "no";
                }
        return $allowed;
}