I've created a site which requires authentication and has a login.php and a logout.php page. This is all working well, but I've just noticed during testing on my Mac OS X 10.6.3 Mac and also on my iPhone that when I log out it ends the session successfully; however, when I click the back button it takes me to the previous page, showing the contents without requiring authentication. This doesn't happen on my PC with Windows XP SP3 and Internet Explorer 8. My logout.php page uses:
session_start(); session_unset(); session_destroy();
and I've tried adding headers to all the protected pages:
<?php
header("Cache-Control: no-cache, must-revalidate"); // HTTP/1.1
header("Expires: Sat, 26 Jul 1997 05:00:00 GMT"); // Date in the past
?>
but this makes no difference. Can anyone else confirm this happens for them? It doesn't appear to be an issue with the PHP API but something related to Safari/WebKit browsers and the back button.
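
Added example, not part of the original post: a shared guard for the protected pages and a logout routine that also expires the session cookie. It assumes login.php stores the user under `$_SESSION['user_id']` (a hypothetical key) and that the browser honours `Cache-Control: no-store` on back navigation; the function names are illustrative.

```php
<?php
// Added example, not from the original post. Assumption: login.php stores
// the authenticated user under $_SESSION['user_id'] (hypothetical key).

// Call at the top of every protected page, before any output.
function require_login(): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }

    // no-store asks the browser not to keep any copy of the response,
    // which is stricter than no-cache (store, but revalidate before reuse).
    header('Cache-Control: no-store, no-cache, must-revalidate, max-age=0');
    header('Pragma: no-cache');                       // HTTP/1.0 caches
    header('Expires: Sat, 26 Jul 1997 05:00:00 GMT'); // date in the past

    // The server-side check is what actually protects the content: any
    // request that reaches the server after logout is redirected.
    if (empty($_SESSION['user_id'])) {
        header('Location: login.php', true, 303);
        exit;
    }
}

// Call from logout.php.
function logout(): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    $_SESSION = [];    // clear session data for this request

    // Expire the session cookie in the browser as well.
    if (ini_get('session.use_cookies')) {
        $p = session_get_cookie_params();
        setcookie(session_name(), '', time() - 42000,
            $p['path'], $p['domain'], $p['secure'], $p['httponly']);
    }
    session_destroy(); // remove the server-side session data

    header('Cache-Control: no-store');
    header('Location: login.php', true, 303);
    exit;
}
```

A page redisplayed from the browser's own history without a new request never reaches `require_login()`, so the headers limit what the browser keeps while the session check covers every request that does reach the server.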