I have a logout script where I'm trying to clear all session data. Whenever I do this i can navigated back to any page and the variables are still being used.
<?php
session_start();
session_destroy();
header('Location: index.php');
?>
Asked
Active
Viewed 82 times
0
TheDizzle
- 1,534
- 5
- 33
- 76
-
Pressing back will usually show a cached version of the page. Refreshing on that cached page, which makes a new request, should show as logged out. – Jonathan Jul 12 '18 at 00:30
-
you are right it is cached. – TheDizzle Jul 12 '18 at 00:32
-
Have a look at:: https://stackoverflow.com/questions/31735428/prevent-browser-back-button-cache It probably will answer your question. – Nadav Jul 12 '18 at 00:44
1 Answers
1
You should disable the cache on the pages that change on login
header("Cache-Control: no-cache, no-store, must-revalidate"); // HTTP 1.1.
header("Pragma: no-cache"); // HTTP 1.0.
header("Expires: 0 "); // Proxies.
This code is from prevent browser back button cache.
Samyok Nepal
- 535
- 3
- 15