0

Hi guys,

Here I got a problem that my session expired is not secure I think..
I use this code, but user can click button back and go to previous page. Means session not destroy..
May I know why its happen. Within 15 min it will be logout but user can go the previous page by click button back. No
need to login..What I want here, that user must login again because system will destroyed within 15 min.
Anybody can help me??

<?php
header("Expires: Sat, 01 Jan 2020 00:00:00 GMT");
header("Last-Modified: ".gmdate("D, d M Y H:i:s")." GMT");
header("Cache-Control: post-check=0, pre-check=0",false);
session_cache_limiter("must-revalidate");

if(!isset($_SESSION['username']))
{

        session_destroy();
        unset($_SESSION['username']);
        header('Location: index.php');
        exit;

}
else
header( "refresh:900;url=index.php" );//auto logout(15minutes)

?>

Edited by Dani: Formatting fixed

4
Contributors
4
Replies
5
Views
5 Years
Discussion Span
Last Post by HasNor
0

Because clicking the back button will take the page from the browser's cache, without actually reloading the page.

0

I remember once using

session_start();
session_destroy();
session_start();

due to some problem or other. Don't know if this is useful?

0

Hi,
When the back button is clicked, the browser check to load the page from cache.
Try add these meta tags in the Head zone of the HTML code, that tell the browser to not cache the page.

<META HTTP-EQUIV="Pragma" CONTENT="no-cache">
<META HTTP-EQUIV="Expires" CONTENT="-1">
0

Thanks guys..
hurm, t've tried that way but still reload the previous page..how can i do??
i'm blur.. :(

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.