Hi,

I have created logout.php page which destroys all the session variables. Basically i want the the user to get directed to the Login page after logout button is pressed. But when the BACK button of the browser is pressed(even after logout), the user is still able to see other web pages.

How can i always direct Back button of the browser to Login page if the user has logged out?

Don't try to code the BACK button, instead, use something like this at the head of every page:

if(!isset($_SESSION['login']))header("Location: http://www.example.com/login.php");

Although you could use a relative or even absolute reference with header, I think I read somewhere that you should use the full url. Would cause a problem if testing both locally and remotely though. You could use:

if(!isset($_SESSION['login']))header("Location: {$_SERVER['HTTP_HOST']}/login.php");

to enable the same code to run on local, testing and remote servers

However, I've used absolute references in the past without any ill effects, but I guess some other contributors here could give you good reasons why you shouldn't do this.

This question has already been answered. Start a new discussion instead.