security issue: php login/logout script + back button

I am using a login script that stores a session value

$_SESSION['logged_i开发者_如何学编程n'] = 'yes' 

when user enters correct user/password. On logout, this session value is set to blanks. However user can hit back buttin a few times and get logged back in. I have also tried $_SESSION = array(); and session_destroy(); but with same results.

Do they really get logged back in, or are they just reloading pages from their browser cache? If it's just the cache, they will not be able to see a page they did not previously visit, and they will not be able to see new data on your site.

If they are really getting logged back in, then your login code is bad. Post the login code and the login test you do on each page.

my bad. code was in error. thanks... I cleared caches & cookies. Now IE lets me backup and assume old session value. Firefox won't let me baqck in.