piyush piyush - 11 months ago 73
PHP Question

Prevent back button after logout

I don't want the user to go back to secured pages by clicking back button after logging out. In my logout code, I am unsetting the sessions and redirecting to login page.But, I think the browser is caching the page so it becomes visible despite the session being destroyed from logout.

I am able to avoid this by not allowing the browser to cache

header("Cache-Control", "no-cache, no-store, must-revalidate")

But this way I am loosing the advantage of Browser Caching.

Please suggest a better way of achieving this. I feel, there must be a way of handling this by javascript client side


Implement this in PHP and not javascript.

At the top of each page, check to see if the user is logged in. If not, they should be redirected to a login page:

      if(!isset($_SESSION['logged_in'])) : 
      header("Location: login.php");  

As you mentioned, on logout, simply unset the logged_in session variable, and destroy the session:


If the user clicks back now, no logged_in session variable will be available, and the page will not load.