My Setup Specs -------------- PHP 4.1.1, MySQL 3.23.36, & Apache 1.3.19 with mod_auth_mysql on OpenBSD 3.0 (OS).
Issue ----- Scenerio: User provides user_id and password. user_id and password are checked against the database (MySQL). If authentication is true the a session is started based on thier user_id. If autehentication is false Error 403 is displayed to user. How do you destroy a session/user authentication so the user can not use the browser back button? I have session_destroy() which seems to work fine (deletes session files in /tmp) but when you press the browser back button the exact session that was supposidly destroied is created again. I've tried using unset() to reset variables but that doesn't seem to work either. Any ideas... please epxplain this to me. I'm total lost why this isn't working. BTW, I'm using cookies. Another question I would have is.. to kill the cookie do I have to use set_cookie to remove the cookie from the users browser or is this also destroied in the session_destroy process? If it is suppose to be why is it not doing so? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
