My Setup Specs
PHP 4.1.1, MySQL 3.23.36, & Apache 1.3.19 with mod_auth_mysql on OpenBSD
Scenerio: User provides user_id and password. user_id and password are
checked against the database (MySQL). If authentication is true the a
session is started based on thier user_id. If autehentication is false
Error 403 is displayed to user.
How do you destroy a session/user authentication so the user can not use
the browser back button? I have session_destroy() which seems to work
fine (deletes session files in /tmp) but when you press the browser back
button the exact session that was supposidly destroied is created again.
I've tried using unset() to reset variables but that doesn't seem to
work either. Any ideas... please epxplain this to me. I'm total lost why
this isn't working. BTW, I'm using cookies. Another question I would
have is.. to kill the cookie do I have to use set_cookie to remove the
cookie from the users browser or is this also destroied in the
session_destroy process? If it is suppose to be why is it not doing so?
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]