Reload the page on hitting back button

tushar picture tushar · Sep 5, 2010 · Viewed 30.9k times · Source

I have a webpage that requires login. Once a user has logged in I start the session and once he logs out I destroy it, but when I press the back page it gives me the user profile page again which ideally should not be the case as the user has logged out. However, it works fine if I reload the page after logging out.

It's a local chatroom where everybody online and logged in can chat together. There are three pages: login.php, auth.php, logout.php

login.php is the common login page containg a form. auth.php has a div displaying all previous chats up til now, a textbox and share button on clicking which a form is sent again to auth.php so everytime the form is posted the chatpost is sent to database and auth is reloaded with the latest database within the chat div..

Now the problem is once I logout I unset all the variables and destroy the session but even then if I hit the back button in browser (Safari), the previous version of auth.php without the last chat entry is visible which ideally should not as the session is destroyed. I have put a session validation in auth.php, so basically I want the auth.php to reload of the user visits it after logging out as reloading auth.php displays that "you are not logged in"

i have tried

<?php header("Cache-Control: no-cache");
header("Pragma: no-cache");
?>
and
<head>
<meta http-equiv='Pragma' content='no-cache'>
<meta http-equiv='Expires' content='-1'>
</head>

Sorry for the lengthy question but I really need help on this.

Answer

Marco Demaio picture Marco Demaio · May 22, 2011
header("Expires: Thu, 19 Nov 1981 08:52:00 GMT"); //Date in the past
header("Cache-Control: no-store, no-cache, must-revalidate"); //HTTP/1.1

This works for me on FF3.6, IE7, IE8, Chrome5 (when hitting browser's back/forth button the page is always RELOADED)

Another solution is to send exactly the same headers sent by session_start() function, very similar to the ones above, but even more rich:

header("Expires: Thu, 19 Nov 1981 08:52:00 GMT"); //Date in the past
header("Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0"); //HTTP/1.1
header("Pragma: no-cache");

NOTE: also the order shown here is the SAME as the order sent by session_start() (you can test this with HttpFox addon for FF)