Back Button Problem after Login Out

You cannot.
The back button takes you to a cached version of the page. Any activity on this page will force it to reload and, therefore, lose the cached version.

Then how ather sites restrict fetching loged out page ? i want to learn that .....

Hi.
did u unset the session variable(s) on log out page.

I think the back/refresh/forward issue is a typical problem with not only your log in issue, but also in calls to scripts that perform changes to databases (e.g. double submitting of posts to forums, etc.).

In my applications I use a nasty trick that my users are not particularly happy about, but have gotten used to. I save a counter as a variable in the $_SESSION array which is incremented by one each time a user accesses a page in the application. Also, for each page, I retrieve the current value of this counter and place it on the page as a hidden variable.

Then when the user submits for a new page, I compare the value of this counter stored in the $_SESSION variable to the value that is submitted in the $_POST variable, and if they do not match with each other, I know that the user has submitted a cached page using the refresh, back or forward buttons. And when this happens, I send the user to the application's start page, which is a safe page that does no database changes.

Um doh to me, I see I read the OP's post a bit too hastily.

As mentioned by the post previous to mine, you should destroy the session in the script that performs the log out. Look in the php documentation for the session_destroy () function, and related comments about its use and what else needs to be removed.

If the session is adequately destroyed, then using the back button after the user logs out should result in the user not really getting anywhere, if your scripts are programmed correctly. You should check to see if a session actually exists at the start of each page request, and redirect the user to the log in page if the session does not exist (has been destroyed due to the user logging out).