Jean-Christian Imbeault wrote:
1- user logs in
2- user goes to restricted area
3- user views pages, orders an item, changes his account settings, etc ...
4- user logs out
5- user is sent to log out page
6- user hits back button ...

And here my problems start ... even though the user has logged out, all the "restricted" pages he saw are still cached by his browser and accessible ...

I have tried using a script that checks a session variable that indicates if a user is logged in or not and takes appropriate action at the start of all "restricted" pages, but that doesn't work since when the user hits the back button, the PHP script is not re-executed, the page is simply loaded from the browser cache.

What are some PHP techniques I could use so that a user can no longer access/use pages once he has logged out?

I advise making sure the browser doesn't cache it *at all*.
This can be done using (one, or more) of the following headers:

// HTTP 1.1 compliant:
header("Cache-Control: no-store, no-cache, must-revalidate");
header("Cache-Control: post-check=0, pre-check=0", false);
// HTTP 1.0 compliant:
header("Pragma: no-cache");

Hope that helps,
- Tularis


--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
