Reputation: 17
I'm using PHP with sessions. After logging out it redirects to the login page, but after pressing the back button it again shows me the page without login. How can I solve this problem? Thanks in advance.
index.php
<form style="padding-left: 50px; padding-right: 50px;" action="func.php" method="post">
    <label for="uname" style="color:white;"><b>Username</b></label>
    <input type="text" placeholder="Enter Username" name="uname" style="border-radius: 10px;" required>
    <label for="psw" style="color:white;"><b>Password</b></label>
    <input type="password" placeholder="Enter Password" name="psw" style="border-radius: 10px;" required>
    <button type="submit" name="login_submit" class="b1">Login</button>
</form>
func.php
<?php
session_start();
$con = mysqli_connect("localhost", "root", "", "forestdb");
if (isset($_POST['login_submit'])) {
    $username = $_POST['uname'];
    $password = $_POST['psw'];
    $query = "select * from login where username='$username' and password='$password';";
    $result = mysqli_query($con, $query);
    if (mysqli_num_rows($result) == 1) {
        $_SESSION['username'] = 1;
        header("Location:create_journal.php");
    } else {
        echo "<script>alert('Enter Correct Details!!')</script>";
        echo "<script>window.open('index.php', '_self')</script>";
    }
}
?>
create_journal.php
<li><a href="logout.php" style="color:white;" onmouseover='this.style.color="#08367f"' onmouseout='this.style.color="white"'><span class="glyphicon glyphicon-log-out"></span> Logout</a></li>
logout.php
<?php
session_start();
session_destroy();
header("Location:index.php");
?>
Upvotes: 0
Views: 129
Reputation: 682
For that, you have to use a session tag in your code.
With the login, your session must be started with
// start the session
session_start();
and your session destroyed with the logout.
// destroy the session
session_destroy();
With the use of this you can resolve your problem.
You can better understand from: https://www.w3schools.com/php/php_sessions.asp
Upvotes: 1
Reputation: 964
First and foremost, your code is very susceptible to SQL injection; use prepared statements and read what is said here.
Second, it appears that you are not checking if the $_SESSION['username'] is set, which means that, if you know the URL you want to go to, you can get to the page without having to log in, which in turn means that you can go back one page and you will see the exact same thing.
Upvotes: 1
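The two points in the answer above (prepared statements, and checking $_SESSION['username'] on every protected page), as an added example that is not code from the question or from either answer. The file name auth.php and the functions check_login(), require_login() and logout() are hypothetical, the password column is assumed to hold a password_hash() value, and the Cache-Control header is an addition aimed at the back-button symptom.

```php
<?php
// auth.php (hypothetical file name): added example, not the asker's code.
// Assumes login.password stores a password_hash() value and that the
// caller has already run session_start() before check_login().

function check_login(mysqli $con, string $username, string $password): bool
{
    // The ? placeholder keeps user input out of the SQL text.
    $stmt = $con->prepare('SELECT password FROM login WHERE username = ?');
    if ($stmt === false) {
        return false;
    }
    $stmt->bind_param('s', $username);
    $stmt->execute();
    $stmt->bind_result($hash);
    $found = $stmt->fetch();      // true when a row was fetched, null when none
    $stmt->close();

    if ($found !== true || !password_verify($password, $hash)) {
        return false;
    }
    session_regenerate_id(true);  // issue a new session id after authentication
    $_SESSION['username'] = $username;
    return true;
}

function require_login(): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    // Ask the browser not to store the page, so Back re-requests it.
    header('Cache-Control: no-store');
    if (empty($_SESSION['username'])) {
        header('Location: index.php');
        exit;  // stop here, otherwise the protected page is still rendered
    }
}

function logout(): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    $_SESSION = [];               // clear the data held in this request
    session_destroy();            // remove the server-side session
    header('Location: index.php');
    exit;
}
```

In this layout func.php would call check_login($con, $_POST['uname'], $_POST['psw']) after session_start(), create_journal.php would call require_login() before sending any output, and logout.php would call logout().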