Reputation: 35454
Hi I am working on a project (PHP-CodeIgniter, MySQL). In my application I am creating session for users data(userid, username) after successful login by the user and unset the session after signout.
"Here the main problem if i click on back button of browser I can able to see the previously visited pages in my application after signout also".
How can prevent this with codeigniter?
Thanks in advance
Upvotes: 1
Views: 4158
Reputation: 35454
Just add these lines in .htaccess
after RewriteEngine on
<Files *>
Header set Cache-Control: "private, pre-check=0, post-check=0, max-age=0"
Header set Expires: 0
Header set Pragma: no-cache
</Files>
I prefer this because we need to add this at only one place(.htaccess
) and it affect the entire application.
Upvotes: 0
Reputation: 1039
There are some JavaScript ways of stopping the use of the back button (as Raheel mentioned) but reliable control over this sort of behaviour could be tricky. If a user was on a page and could see it, there is nothing to stop them taking a screenshot, for example.
You should also make sure you are sending the correct headers to stop the page being cached:
$this->output->set_header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");
$this->output->set_header("Cache-Control: no-store, no-cache, must-revalidate");
$this->output->set_header("Cache-Control: post-check=0, pre-check=0", false);
$this->output->set_header("Pragma: no-cache");
Source: http://codeigniter.com/forums/viewthread/137096/#675799
Even with this, I'm not sure if all browsers will obey the headers, but it's a good start.
Upvotes: 7
Reputation: 19882
When you are logged out although you can visit the previous page but can not perform an activity. If you perform any activity it should first redirect you to login page.
Upvotes: 1