Reputation: 1306
I am using CodeIgniter to build an admin system. But I am having a problem regarding security.
Let me give an example: A user successfully logs in and gets redirected to the main page of the admin system. Now that user presses the "BACK" button in his browser. He now gets sent back to the login page. He now presses the "NEXT" button and gets sent back to the main page of the admin system.
I don't want users to be able to get sent back to the main page of the admin system once they are at the login page after they are logged in. How can I achieve this?
Thanks in Advance,
Mark
EDIT:
Thanks for all the ideas, but none works for me. What I meant was that when someone logs in, he gets redirected to the main page of the system. Then he clicks on the "back" button that is to the left of the URL bar at the top of the browser.
Upvotes: 0
Views: 296
Reputation: 10621
PHP will return to the login page if it exists in the cache and will not actually reload it from the server, so we need to force PHP to load it from the server when it comes to the login page check. So you can use
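```php
// Ask the browser to revalidate this page with the server instead of reusing its cached copy
header("Cache-Control: no-cache, must-revalidate");
if (isset($_SESSION['user']))
{
    // Write your redirect code
}
else
{
    // Redirect to login page
}
```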
in the page where you check whether the login exists or not, so that PHP will reload each time from the server without loading from cache. And if the session exists, you will be redirected to the corresponding page.
Upvotes: 0
Reputation: 2587
Try clearing the cache on the login page (see "How to clear browser cache with php?"), check if the user is authorized and redirect him if $authorized==true.
You can check authorization via checking SESSION or cookies or else...
Upvotes: 0
Reputation: 1849
Simply use sessions on the login page:
```php
if (isset($_SESSION['admin_loggedin'])) {
    // Already logged in: send the user to the admin main page
    header("location: admin_index.php");
    exit();
}
```
Upvotes: 0
Reputation: 491
Have your login page first check to see if the user is already logged in by checking the session.
If the user IS logged in, use a PHP redirect such as header("Location: $URL"); where $URL is your main page.
Upvotes: 0
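The checks suggested in the answers above, combined into one guard that runs on both the login page and the admin pages. This is an added example, not code from any of the posts; the session key `user` and the routes `/login` and `/admin` are assumptions, and it sends `no-store` in addition to the `no-cache` header shown in the first answer, so that browsers generally re-request the page on Back/Forward instead of showing a stored copy.

```php
<?php
// Added example, not code from the answers above.
// Assumed names: session key 'user', routes '/login' and '/admin'.

/** Ask the browser not to keep a copy of this response for history or cache reuse. */
function send_no_store_headers(): void
{
    header('Cache-Control: no-store, no-cache, must-revalidate, max-age=0');
    header('Pragma: no-cache'); // for HTTP/1.0 caches
    header('Expires: 0');       // treated as already expired
}

/** Decide where a request must be sent, given the page and the login state. */
function redirect_target(string $page, bool $loggedIn): ?string
{
    if ($page === 'login' && $loggedIn) {
        return '/admin'; // already authenticated: never render the login form
    }
    if ($page === 'admin' && !$loggedIn) {
        return '/login'; // not authenticated: never render admin content
    }
    return null;         // serve the requested page
}

/** Call first thing in the login page and in every admin page, before any output. */
function guard(string $page): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start(); // skip if a framework has already started the session
    }
    send_no_store_headers();
    $target = redirect_target($page, isset($_SESSION['user']));
    if ($target !== null) {
        header('Location: ' . $target, true, 302);
        exit; // stop here so no page body is sent along with the redirect
    }
}

// Usage (assumed file layout):
//   login page:  guard('login');
//   admin pages: guard('admin');
```

The decision is made on the server on every request, so it still holds when a browser ignores the cache headers and the user reloads the page.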