My question concerns the administration side of the site. (The database is only accessed by the administrators - not viewers of site)
When the administrators want to edit their web pages they have to enter a password which allows them access to various parts of the site dependent on the level of access they have which is stored in a session variable.
What I want is to make sure that when their session is ended (after the default 20min), some other staff member can't hit the back button and access their pages.
I had a solution, but this involved not allowing any history access at all, whereas I want them to be able to access the history only if their session is not yet finished.