PHP Prevent going back page after log out

I have a protected page which shows data to logged in users only, once the user clicks logout link, it destroys the session data and redirect to another page. header('Location: login.php');

Now once the page is redirected to login.php, i can easily go to back page which was protected, and can see all information there and can stay on the page untill i refresh the browser or close it.

On the websites like Gmail, and many others, once you are logged in, you can not go to back page. How this can be implemented? Thanks.

Edit: Sorry if its unclear开发者_运维问答, the protected page has few lines of code in the top to check if the session is set or not. if the session is not set then it should redirect to the other page. but the problem is that it doesnt check the session if i hit the back button on browser.

This behavior may be caused by the default caching settings of your browser/web server.

Whenever a user visits a protected page, try sending headers to prevent caching of the page:

header('Cache-Control: no-cache, must-revalidate');
header('Expires: Sat, 26 Jul 1997 05:00:00 GMT');

This should usually cause any back-button presses to cause a complete reload of the page instead of loading it from the browser's cache.

Put this at the top of protected page:

//Probably caused by back button... Check if logged-in...
if(!$_SESSION["usernameWhatever"])
{
    //Do not show protected data, redirect to login...
    header('Location: login.php');
}

//Show protected data...

This basically check if the user is logged-in, if not, redirect to login page...

To disable caching of the page, put this inside the head tag of your page:

<META HTTP-EQUIV="CACHE-CONTROL" CONTENT="NO-CACHE">

This code resolve problem

<?php
    echo("<script>location.href = './login.php';</script>");
?>