I've created a site which requires authentication and has a login.php and a logout.php page. This is all working well, but I've just noticed that during testing on my Mac OS X 10.6.3 Mac and also on my iPhone that when I logout it ends the session successfully, however when I click the back button it takes me to the previous page showing the contents without requiring authentication. This doesn't happen on my PC with Windows XP SP3 and Internet Explorer 8. My logout.php page uses:
session_start(); session_unset(); session_destroy();
and I've tried adding headers to all the protected pages:
header("Cache-Control: no-cache, must-revalidate"); // HTTP/1.1
header("Expires: Sat, 26 Jul 1997 05:00:00 GMT"); // Date in the past
but this makes no difference. Can anyone else confirm this happens for them. Doesn't appear to be an issue with the PHP API but something related to Safari/webkit browsers and the back button.