From: "Roger Spears" <[EMAIL PROTECTED]> > 1) How can I prevent the use of the browser "back" button after someone > logs out?
You don't. You never prevent the use of the back button. When someone logs in, then a session should be started with some content, like you've already mentioned. So, thoughout the process, you make sure that session is still there and complete with the appropriate content. When the user logs out, you get rid of the session and that content. Now, when they hit back, they'll still have an empty session, so your script should require them to log in again to get a correct session. > 2) If, after a user has attained step 3, they use their back button to > change a variables value in step 2, the new value is never saved by the > session and their original entry is used in the email. How can I adjust > for people using their "back" buttons during the individual steps of the > script? Again, you can't (shouldn't) stop people from using the back button. There is something wrong with your logic if the values are not saved when step 2 is submitted. If shouldn't matter if step 3 has already been completed or not. > 3) Should the header calls appear before the session_start or after? Doesn't matter. Just send them before any output. ---John Holmes... -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php