Home/ Questions/Q 4019724
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-20T10:08:25+00:00

I have created login functionality on my site, and when I click logout the

  • 0

I have created login functionality on my site, and when I click logout the page redirects and destroys session, which is fine.

However when I click the back button I can still view the page. If I refresh it, then it will redirect me to login as the session has been destroyed and the user does not have access to the page like expected.

Is there a way I can prevent the user from being able to view the page when they click the back button?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Try to perform a 

    header( 'Location: http://mySerbver.com/anURL' );

    after you did destroy the session. This makes returning to the previous page at least a bit more complicated. To go back, user has to click back twice.

    If you’d like to make it even more complicated, perform

    header( ‘Location: http://mySerbver.com/myScript.php?onceMore=yes‘ );

    and if the myScript.php finds

     isset( $_GET[ 'onceMore' ] )

    then perform 

     header( 'Location: http://mySerbver.com/myScript.php' );

    once again.

    myScript.php:

    <?php

  // Force the browser to redirect once again
  if ( isset( $_GET[ 'onceMore' ] ) {
    header( 'Location: http://mySerbver.com/myScript.php' );
  }

  // else continue with normal stuff.
 ...

    Additionally, it might be of help to instruct the browser to not cache pages:

    header("Cache-Control: no-cache, must-revalidate"); // HTTP/1.1
header("Expires: Sat, 26 Jul 1997 05:00:00 GMT");   // date in past

    Please note, that browser may or may not respect this header. Thus, you probably need to send further cache related headers.

    • 0