Forum Moderators: coopster


Logout

         

hartzoua

2:14 pm on Mar 2, 2004 (gmt 0)

10+ Year Member



Hi,
I am new to PHP and I have some problems. The website I am trying to create has a login page and works with sessions. When the user wants to log out, he goes to another page where I have the code:
session_start();
$_SESSION = array();
session_destroy();

After that the session is destroyed. My problem is that if I press the "Back" button here, I will be able to see the content of the previous page. I don't like it! Have I done something wrong? Can I do something to prevent the user from seeing the main page after being logged out? (The ideal would be to get him to the login page again.)
Thank you

jatar_k

5:03 pm on Mar 2, 2004 (gmt 0)

WebmasterWorld Administrator 10+ Year Member



Welcome to WebmasterWorld hartzoua,

If the page is cached there isn't really much you can do if they go back. If you are already authenticating the user on each page and it still shows then you are kind of stuck.

You can send no-cache headers but even then it may still show the page on Back. At least if they try to go anywhere from there they will be thrown back to the login page.

When they log out, do you send them off to the login page now?

hartzoua

1:10 pm on Mar 3, 2004 (gmt 0)

10+ Year Member



Thank you Jatar_k,
I erased the cache header and now it works fine. When they log out I send them to another page, and when they try to get in without a session I send them to the login page.
When you say "authenticating the user in each page", what exactly do you mean? To try to match, at the beginning of every page, the session elements that I get with the ones that I have in the database? If I do this, won't my website become too slow?
Thanks a lot

jatar_k

7:49 pm on Mar 3, 2004 (gmt 0)

WebmasterWorld Administrator 10+ Year Member



Not so much testing them against the db every time, just testing that essential session vars are there and that they aren't empty. If they aren't there then they are once again banished to the login page and we destroy the session.

For example, if you store username and accountid in the session and need them to be there all the time, on each page you can include a base auth like so:

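<?php include "/mylibs/auth.php"; ?>

auth.php

<?php
// Start the session if the page has not done so, otherwise $_SESSION is never populated
if (session_status() === PHP_SESSION_NONE) session_start();
if (!isset($_SESSION['username']) || !isset($_SESSION['account_id'])) {
    // Required vars missing: clear the session data ($_SESSION itself must not be unset)
    $_SESSION = array();
    session_destroy();
    header("Location: /login.php");
    exit; // stop here, or the rest of the protected page still runs
}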

something like that

hartzoua

10:57 am on Mar 4, 2004 (gmt 0)

10+ Year Member



Thanks a lot,

Till now everything works perfectly. But I'm afraid you'll have news from me soon! :)