views:

25

answers:

2

I have a written a blog using php and mysql which has a login feature. When you are logged out and hit back it should not show the features of a member since you are no longer logged in. How do I correct it so that when a user is no longer logged in and hit back button, the previous page should be in the state before he logged in?

A: 

This is a browser feature. But don't worry, you won't be able to actually do any admin-level stuff if you're not actually logged in. If you wanted, you could fire off a request to the server via javascript to ask if the user is logged in upon loading a page. If that request comes back false, you can hide the admin controls, or redirect the user to the index page.

You could explicitly state in code that you wish to not cache the pages, but that will slow down visitor-experience, and cause more overhead for your server. I don't think the ends justify the means in that particular solution.

Jonathan Sampson
Yea, I took care of it. But it doesn't look good.
Erika Gomez
+1  A: 

It's hard to discern what authentication mechanism you're using, but assuming this is a pure caching issue you can add the following statements to the beginning of all .php pages displayed while logged in.

header("Cache-Control: no-cache, must-revalidate");
header("Expires: Mon, 1 Jan 1970 05:00:00 GMT");

That should take care of caching issues. And make sure that you unset() the access variable you used to keep track of wether or not the user is logged in (in $_SESSION or similar).

kb