When a user logs out of my site, they are taken to logout.php. After the sessions are destroyed, they are redirected to a new page. If the back button is pressed, they are taken back to account.php, and user information on the page is still displayed. However, if I hit refresh, the page then recognizes that no sessions are set and the page is locked out. I need the page to display no information when the back button is pressed, and cannot use JavaScript to do this. This problem seems persistent in Safari.
Here is my logout.php:
// *** Logout the current user.
$logoutGoTo = "../login/index.php?i=logout";
if (!isset($_SESSION)) {
session_start();
}
$_SESSION['CM_Username'] = NULL;
$_SESSION['CM_UserGroup'] = NULL;
unset($_SESSION['CM_Username']);
unset($_SESSION['CM_UserGroup']);
if ($logoutGoTo != "") {header("Location: $logoutGoTo");
exit;
}
Here is the PHP headers that I have placed. I found these from another posting on this site:
header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");
header("Cache-Control: no-cache");
header("Pragma: no-cache");
As I stated above this code does not work in Safari, it works fine in Chrome and FireFox.
How can I fix this problem using only PHP?
Thank you in advance!
