PHP Prevent Page Returns After Logout

I have a secure page that shows login-only data. As soon as the user clicks the logout button, it destroys the session data and redirects to another page: header('Location: login.php');

Now, as soon as the page is redirected to login.php, I can easily go to the return page, which was protected, and can see all the information there and can remain on the page until I refresh the browser or close it.

On sites such as Gmail and many others, after logging in, you cannot return to the page. How can this be implemented? Thanks.

Edit: Sorry if it's unclear. There are a few lines of code at the top of the protected page to check whether the session is established or not. If the session is not established, it should redirect to another page. But the problem is that it does not check the session if I click the back button in the browser.

+2
3 answers

This behavior may be caused by the default caching settings of your browser / web server.

Whenever a user visits a secure page, try sending headers to prevent page caching:

header('Cache-Control: no-cache, must-revalidate');
header('Expires: Sat, 26 Jul 1997 05:00:00 GMT');

This usually means that any click on the back button causes a full page reload rather than loading the page from the browser cache.

+4


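//The session must be started before $_SESSION can be read...
session_start();

//Probably caused by back button... Check if logged-in...
if(empty($_SESSION["usernameWhatever"]))
{
    //Do not show protected data, redirect to login...
    header('Location: login.php');
    //Stop the script here, otherwise the protected data below is still sent...
    exit;
}

//Show protected data...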


, head :

<META HTTP-EQUIV="CACHE-CONTROL" CONTENT="NO-CACHE">
+2
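
The two server-side measures from the answers above (cache headers and a session check), combined in one protected page with the logout step from the question. This is an added example, not code from any of the posters; the session key `user_id`, the POST field `logout`, and the use of `no-store` in place of the answer's `no-cache` are assumptions of this example.

```php
<?php
// Added example, not code from the answers on this page.
// Assumed names: $_SESSION['user_id'], POST field "logout", login.php.
declare(strict_types=1);

/** Forbid the browser and any proxy from keeping a copy of this response. */
function send_no_store_headers(): void
{
    // no-store: the response must not be written to any cache. Browsers then
    // generally re-request the page on Back, so the session check runs again.
    header('Cache-Control: no-store, no-cache, must-revalidate, max-age=0');
    header('Pragma: no-cache');                        // HTTP/1.0 caches
    header('Expires: Sat, 26 Jul 1997 05:00:00 GMT');  // a date in the past
}

/** Stop the request unless a logged-in session exists. */
function require_login(): void
{
    if (empty($_SESSION['user_id'])) {
        header('Location: login.php');
        exit; // without this, the protected output below is still sent
    }
}

/** End the session on the server and expire the session cookie. */
function logout(): void
{
    $_SESSION = [];
    if (ini_get('session.use_cookies')) {
        $p = session_get_cookie_params();
        setcookie(session_name(), '', time() - 42000,
            $p['path'], $p['domain'], $p['secure'], $p['httponly']);
    }
    session_destroy();
    header('Location: login.php');
    exit;
}

session_start();
send_no_store_headers(); // sent on every response, including the redirects

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST' && isset($_POST['logout'])) {
    logout();
}
require_login();

echo 'Protected data for user ' . htmlspecialchars((string) $_SESSION['user_id']);
```

The headers only stop the browser from redisplaying a stored copy; the `exit` after each redirect is what keeps the protected output from being sent to a request that has no session.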

This code resolves the issue:

<?php
    echo("<script>location.href = './login.php';</script>");
?>
0