after logout back page in code igniter


i have problem in the logout page.
After user logout, they still can access the previous visited page by pressing browser back button
heng tangPHP DeveloperAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Dave BaldwinFixer of ProblemsCommented:
Everybody has that problem.  Browsers do not reload the page from the server when you click on 'Back', they just put up the last display of that page.  The question is can they click on anything and do anything that should require a login.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
heng tangPHP DeveloperAuthor Commented:
the previous pages after logout on my app are having a click action. They shouldn't be allow to click anything after logged out.
Dave BaldwinFixer of ProblemsCommented:
What happens when they click?  Your page should tell them that they are logged out.
Fundamentals of JavaScript

Learn the fundamentals of the popular programming language JavaScript so that you can explore the realm of web development.

heng tangPHP DeveloperAuthor Commented:
it still allow to click and proceed to action
Dave BaldwinFixer of ProblemsCommented:
Then your login system is not working.  It should be checking the login status on every page.
Loganathan NatarajanLAMP DeveloperCommented:
yes, you can lock the browser to back, i handled one project.
Dave BaldwinFixer of ProblemsCommented:
That won't fix his login problem.  If he can 'back' to the page and have it work, then someone can go directly to the page and make it work.  It appears that he is not checking the login on every page.
Loganathan NatarajanLAMP DeveloperCommented:
I used this script on my logout and after login page as well. It works fine to me.

<script type="text/javascript">
        function noBack()

<body onLoad="noBack();" onpageshow="if (event.persisted) noBack();" onUnload="">

Open in new window

Ray PaseurCommented:
The issue here goes to the nature of HTTP requests and browser cache.  You can go "back" through browser history and the browser will simply show you the existing content of the cached page.  It's not until you deliberately refresh the browser (which causes a new HTTP request) that you see the new state of the request after the logout.  Because there are browser settings that come into play, this can be confusing and inconsistent on different client computers.  Because clients can disable JavaScript, the JavaScript solutions may not give you 100% coverage.  A safer way to do this is to cause the logout script to make an HTTP request after it has cleared the client credentials from the web server.

Here is an article on how to do PHP client authentication.  Note that the logout script has an example showing how to redirect the client browser with header().  This will cause the needed HTTP request, and the problem will be solved.

Here is an article describing the nature of the HTTP Client/Server protocols.

Here is the minimum information you need to understand about PHP sessions.
heng tangPHP DeveloperAuthor Commented:
hmm.. i think i found the solution at Stackoverflow.  The reason for my case is due to the browser storing cache and it is a browser nature behaviour.  So it has nothing to do with my code.
I use the header to put no-cache on all pages so that  and do validation on every pages.

THanks for your time folks.. I suppose I should give you some credit for your efforts.
heng tangPHP DeveloperAuthor Commented:
I've requested that this question be closed as follows:

Accepted answer: 0 points for heng tang's comment #a40345593
Assisted answer: 100 points for Loganathan Natarajan's comment #a40343683
Assisted answer: 200 points for Ray Paseur's comment #a40343850

for the following reason:

FOund solution myself
Ray PaseurCommented:
So it has nothing to do with my code.
It has everything to do with your code!  Please read the last three lines of the code snippet under the paragraph Client Un-Authentication - the Logout Page
heng tangPHP DeveloperAuthor Commented:
this answer leads me to the rigth direction to solve the problem which is to clear the page cache using native PHP
Ray PaseurCommented:
You can't clear the page cache using native PHP.  PHP runs on the server.  The cache is on the browser.
Ray PaseurCommented:
@heng_tang: Please see the grading guidelines.

Why did you give a marked-down grade?
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.