A lot has been said on the issue already, so I'll attempt to keep mine brief.
Cache control will help a little, but not all browsers support it. Yes, it will cause a little more traffic on your site, and yes it will "help" keep some people from clicking back, but it certainly won't FIX anything. Javascript can disable back buttons, but i've never used it, because a) I hate javascript b) you can't rely on javascript to be available c) i don't like forcing people to work a certain way d) there are always work-arounds I know it sounds simple, but try to analyse what other big sites are doing in this situation: - amazon.com doesn't seem to "break" when I disrupt my surfing with a login or logout... it just picks up the pieces and does what it can. last time I bought stuff there, I certainly didn't notice any caching issues, or that my back button was disabled. - my bank, the national bank (national.com.au) pops up the entire secure banking process in a new javascript window... essentially, this starts a new process for the user in a new window. when they log-out, the window is useless and is closed... there is NO clicking back if the window is closed :) I guess the national were concerned enough about back buttons and all that stuff to require javascript in order to use net banking... you'd have to make your own assessment of that. If there's a big issue with people clicking back, I'd suggest that there *may* be a problem with the logic of your site. Afterall, clicking "back" is what the web is about!! If the big sites can cope with it, I'm sure you can. In short my solution is that if you CAN'T live with people clicking back, then you should open the sensitive content in a new window which is auto-closed when the user logs out... this way there is no hope of clicking back. Yes it requires javascript, which means you have to think hard about ignoring a % of your users. Justin French -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
