Hi guys,
Here I got a problem that my session expired is not secure I think..
I use this code, but user can click button back and go to previous page. Means session not destroy..
May I know why its happen. Within 15 min it will be logout but user can go the previous page by click button back. No
need to login..What I want here, that user must login again because system will destroyed within 15 min.
Anybody can help me??
<?php
header("Expires: Sat, 01 Jan 2020 00:00:00 GMT");
header("Last-Modified: ".gmdate("D, d M Y H:i:s")." GMT");
header("Cache-Control: post-check=0, pre-check=0",false);
session_cache_limiter("must-revalidate");
if(!isset($_SESSION['username']))
{
session_destroy();
unset($_SESSION['username']);
header('Location: index.php');
exit;
}
else
header( "refresh:900;url=index.php" );//auto logout(15minutes)
?>