php - How do I prevent users from being able to "back" into page from a destroyed session? -
i have created login functionality on site, , when click logout page redirects , destroys session, fine.
however when click button can still view page. if refresh it, redirect me login session has been destroyed , user not have access page expected.
is there way can prevent user being able view page when click button?
try perform
header( 'location: http://myserbver.com/anurl' ); after did destroy session. makes returning previous page @ least bit more complicated. go back, user has click twice.
if you'd make more complicated, perform
header( 'location: http://myserbver.com/myscript.php?oncemore=yes' );
and if myscript.php finds
isset( $_get[ 'oncemore' ] ) then perform
header( 'location: http://myserbver.com/myscript.php' ); once again.
myscript.php:
<?php // force browser redirect once again if ( isset( $_get[ 'oncemore' ] ) { header( 'location: http://myserbver.com/myscript.php' ); } // else continue normal stuff. ... additionally, might of instruct browser not cache pages:
header("cache-control: no-cache, must-revalidate"); // http/1.1 header("expires: sat, 26 jul 1997 05:00:00 gmt"); // date in past please note, browser may or may not respect header. thus, need send further cache related headers.
Comments
Post a Comment