I have a protected page which shows data to logged-in users only. Once the user clicks the logout link, it destroys the session data and redirects to another page: header('Location: login.php');
Now once the page is redirected to login.php, I can easily go back to the page which was protected, and can see all the information there, and can stay on the page until I refresh the browser or close it.
On websites like Gmail, and many others, once you are logged in, you cannot go back to the previous page. How can this be implemented?
Thanks.
Edit: Sorry if it's unclear. The protected page has a few lines of code at the top to check if the session is set or not. If the session is not set, then it should redirect to the other page. But the problem is that it doesn't check the session if I hit the back button in the browser.
This behavior may be caused by the default caching settings of your browser/web server.
Whenever a user visits a protected page, try sending headers to prevent caching of the page:
This should usually cause any back-button presses to cause a complete reload of the page instead of loading it from the browser’s cache.
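The header lines the answer refers to did not survive on this page. As an added example (not the answerer's code), here is one way to combine no-cache headers with the session check and logout flow the question describes. The file name `auth.php`, the function names, and the `user_id` session key are assumptions; `login.php` comes from the question.

```php
<?php
// auth.php (hypothetical helper file): include it at the very top of each
// page, before any output is sent, then call require_login() or logout().

// Send headers telling the browser and any proxy not to store the response,
// so pressing Back forces a fresh request instead of showing a cached copy.
function send_no_cache_headers(): void
{
    header('Cache-Control: no-store, no-cache, must-revalidate, max-age=0');
    header('Pragma: no-cache'); // for HTTP/1.0 clients and proxies
    header('Expires: 0');       // invalid date, treated as already expired
}

// Call on every protected page. The re-request triggered by Back lands
// here, finds no session, and is redirected to the login page.
function require_login(): void
{
    session_start();
    send_no_cache_headers();

    if (empty($_SESSION['user_id'])) { // 'user_id' is an assumed session key
        header('Location: login.php');
        exit; // stop so no protected markup follows the redirect
    }
}

// Call from the logout link's handler.
function logout(): void
{
    session_start();
    $_SESSION = []; // clear the session data held in memory

    // Expire the session cookie in the browser as well.
    if (ini_get('session.use_cookies')) {
        $p = session_get_cookie_params();
        setcookie(session_name(), '', time() - 42000,
            $p['path'], $p['domain'], $p['secure'], $p['httponly']);
    }

    session_destroy(); // remove the server-side session data
    send_no_cache_headers();
    header('Location: login.php');
    exit;
}
```

Pages the browser cached before these headers were in place can still be shown from cache until they are reloaded once.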