Member Avatar for HasNor

Hi guys,

Here I got a problem that my session expired is not secure I think..
I use this code, but user can click button back and go to previous page. Means session not destroy..
May I know why its happen. Within 15 min it will be logout but user can go the previous page by click button back. No
need to login..What I want here, that user must login again because system will destroyed within 15 min.
Anybody can help me??

<?php
header("Expires: Sat, 01 Jan 2020 00:00:00 GMT");
header("Last-Modified: ".gmdate("D, d M Y H:i:s")." GMT");
header("Cache-Control: post-check=0, pre-check=0",false);
session_cache_limiter("must-revalidate");

if(!isset($_SESSION['username']))
{

        session_destroy();
        unset($_SESSION['username']);
        header('Location: index.php');
        exit;

}
else
header( "refresh:900;url=index.php" );//auto logout(15minutes)

?>
Edited by Dani because: Formatting fixed
  • 4 Contributors
  • 4 Replies
  • 168 Views
  • 2 Days Discussion Span
  • Latest Post Latest Post by HasNor
Member Avatar for pritaeas

Because clicking the back button will take the page from the browser's cache, without actually reloading the page.

Member Avatar for diafol

I remember once using

session_start();
session_destroy();
session_start();

due to some problem or other. Don't know if this is useful?

Member Avatar for CoursesWeb

Hi,
When the back button is clicked, the browser check to load the page from cache.
Try add these meta tags in the Head zone of the HTML code, that tell the browser to not cache the page.

<META HTTP-EQUIV="Pragma" CONTENT="no-cache">
<META HTTP-EQUIV="Expires" CONTENT="-1">
Member Avatar for HasNor

Thanks guys..
hurm, t've tried that way but still reload the previous page..how can i do??
i'm blur.. :(

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.