I have a logout script where I'm trying to clear all session data. Whenever I do this i can navigated back to any page and the variables are still being used.
<?php
session_start();
session_destroy();
header('Location: index.php');
?>
-
Pressing back will usually show a cached version of the page. Refreshing on that cached page, which makes a new request, should show as logged out.Jonathan– Jonathan2018-07-12 00:30:53 +00:00Commented Jul 12, 2018 at 0:30
-
you are right it is cached.TheDizzle– TheDizzle2018-07-12 00:32:31 +00:00Commented Jul 12, 2018 at 0:32
-
Have a look at:: stackoverflow.com/questions/31735428/… It probably will answer your question.Nadav– Nadav2018-07-12 00:44:52 +00:00Commented Jul 12, 2018 at 0:44
Add a comment
|
1 Answer
You should disable the cache on the pages that change on login
header("Cache-Control: no-cache, no-store, must-revalidate"); // HTTP 1.1.
header("Pragma: no-cache"); // HTTP 1.0.
header("Expires: 0 "); // Proxies.
This code is from prevent browser back button cache.
