Home/ Questions/Q 6772691
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-26T15:34:42+00:00

i found these questions, where the op has the same problem than me. 1

  • 0

i found these questions, where the op has the same problem than me.

1 2

However, i can’t solve my problem. The user press logout button, then the page is redirected to index.php, but the back button in browser redirects the page to the previous content (protected by login).

After refresh, all works well, the back button stops to work -> the user is redirected to login form.

php file

<?php
header ("Expires: Mon, 26 Jul 1997 05:00:00 GMT");    // Date in the past
header ("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");
header ("Cache-Control: no-cache, must-revalidate");  // HTTP/1.1
header ("Pragma: no-cache");

if(empty($_COOKIE['first_name'])) {
    header("Location:index.php");
    exit();
}

if(isset($_GET['logout'])) {
    setcookie ("first_name", "", time() - 3600);
    unset($_COOKIE);
    header("Location:index.php");
    exit();
}

?>

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html> 
<head>   
<META HTTP-EQUIV="CACHE-CONTROL" CONTENT="NO-CACHE">
</head>
<body>

    <a href="?logout">logout</a>

</body>
</html>
Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Even though the user can press the back button and see the previous page which was protected by login, doesn’t mean the user is logged in again. They can’t do anything – it is just a static copy of a page they previously viewed.

    It is normal behaviour that the user can press the back button and see previous pages, and sites should not attempt to break this. It is a browser feature.

    In most circumstances, it is safe to allow the back button to operate normally even while a user is logged in. Breaking the back button while a user is logged in would have bad usability consequences for the user. In order to prevent a user returning to a page after logging out, you’d have to make sure all pages they view while logged in cannot be returned to with the back button, which breaks the back button for their entire session.

    There are methods you can use to try and disable the back button for logged in sessions, such as by declaring a page to be uncacheable (and unstorable). These may or may not offer varying degrees of protection against back button use. There are plenty of other questions on stackoverflow about disabling the back button – if you want to ignore advice and try to prevent it, please check it out.

    • 0