php cache mistake

Question

I have single page in my control panel user which need secret code to access.

My sequence for doing this are :

1. go to "secret code request page" with a parameter which page i want to access.
2. check the secret code, if correct then fill the session variable with "hashed page name"
3. redirect to page i want to access.
4. this page check the "hashed session" whether match or not with this "page name"
5. if match, clear the session and show the entire page, if mismatch then redirect to initial page.

The problem is : at step 4, the page sometimes read the late session update. sometimes it shows no value, but many times it shows the correct value and if I refresh the page, the session still have correct hashed data (at step 5, if match, i already clear the session variable), howcome?

i try to change the session variable with data record with mysql, but i got same result. the phpmyadmin shows the record already set, but the page shows no data set. and otherwise, after record deleted, the page still shows the previous record value.

is this means a problem with the cache? i also did the header no cache such as :

    header('Expires: Mon, 26 Jul 1997 05:00:00 GMT');
    header('Last-Modified: ' . gmdate('D, d M Y H:i:s') . ' GMT');
    header('Cache-Control: no-store, no-cache, must-revalidate');
    header('Cache-Control: post-check=0, pre-check=0', false);
    header('Pragma: no-cache');

but still same result i got. any suggestion guys?

updates : If i keep refreshing the page, after maybe 3 or 5 refreshed, it shows the correct value. how to make it realtime? so then if the session set, the page can directly check the value set, and if the session cleared, so the page will ask the secret code.?

Answer 1

dump out the session in step 4: print_r($_SESSION) to see if it's set or not. If not, you need to set it in Step 2 before you make the redirect.

Also don't forget to call session_start() on every file.