so the page protection code I finally got to work is working properly in all the browsers however with safari after I log out i can click the back button and get into the protected pages and change things, however once the submit button is hit or the page is left a second time, then the protection kicks in, however this is to late if someone has already made the changes that they want to. Anyone with any ideas to fix this? here is the code protecting the page:

<?php
session_start();
include 'conection_code.php';
if(isset($_SESSION['user_id']))
{
?>

Web page code is placed here, then there is an else statment.

<?php
}else
{
    echo "<br /><br /><br /><br />";
    echo "<strong><center>"."You Are Not Authorized To view This Page......<a href='admin.php'>Please Login First !!</a>"."</center></strong>";
}
?>

Hi GrapficRegret,

Have you checked the script file where you accept the changes(data) if it also has protection not to process incomming data if they're not authenticated and authorized?

they shouldnt be able to get back to the page to begin with, i will try adding validation to the insert script too but that still doesnt solve that they should not be able to get to the page with the back button to begin with, thanks for the advice

Yup, they shouldn't, I think the one that was reloaded was a cached page. I was refering to the "changed things" you were referring to; I pressumed there were writing on either your DB or some data storage.
Anyway, you can control the way the browser caches your pages. But then it will be a pain in the ass for the server if not configured well.

changes
I forgot to tell you about the PRG pattern. Try to use it to avoid refresh problem with form resubmission. Here's a reference to get you started:
PRG pattern

ok thank you I will check that out, however it is still not working right, is there any way to force the page to refresh just once after hitting the back button? then the problem would be solved.

is there any way to force the page to refresh just once after hitting the back button?

In PHP, none. :)

thats ok I just needed to add onUnload="window.addEventListener("unload", invalidateBackCache, true), into the body tag, thanks for your time.

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.