anti "BACK" button

[eluser]$ilovephp[/eluser]
Hello There.

My situation is i have a login form, works fine, sets the session data. But the problem is, after i login, i can hit the back button of my browser and it will give me the login form again. Sessions isn't destroyed yet. and isn't it annoying to see that the browser will bring you to login form although you have already logged in.

how do you guys solve this problem? Any tips?

[eluser]mddd[/eluser]
That depends on the browser. If all caching in the browser is off, it will reload the page and show you the correct, logged-in page.
You could make the form page reload itself to be sure this doesn't happen and it will always show an up to date version.
Personally, I don't think there is a problem in this behaviour, as it is the browser doing it. Other site will function in this way too,
so users won't find it to be a problem, I would say.

[eluser]WanWizard[/eluser]
Our template engine automatically inserts a hidden form field in every form with a unique hash.

This hash is stored in the user's session record after succesful form validation. Form validation also checks if the hash is already present, and if so, generates a validation error due to a re-submit of the form.

[eluser]n0xie[/eluser]
Never mind read the question wrong

[eluser]dmorin[/eluser]
I'd like to point out that typically, when people click the back button, they want to see the previous page. This isn't a defect, this is the way the Internet works. Please don't break the user experience by screwing with the back button!

Instead, think about the use case. Why is someone clicking the back button in the first place. I would guess it's because they tried to access a protected page, and you redirected them to the login form. If you're not keeping track of the original page and redirecting them there after logging in, then they'll use the back button to try to get where they were originally going. If this is the case, the solution isn't to muck with the back button, it's to redirect the person to the originally requested URL after they login instead of your default landing page.

[eluser]$ilovephp[/eluser]
i appreciate your reply dmorin. The question actually is not to disable the back button, instead, i want to know how did other sites (eg facebook) redirected the user to the "default landing page" (as you quoted) after clicking the back button right after logging in.

i would gladly try mddd had suggested ("form page reload itself" -mddd).

Thanks for your time guys

[eluser]Aken[/eluser]
Your login page should look for the logged-in session information. If a user has already logged in, it should forward them to the appropriate place, as if they had just filled out the form.

[eluser]dmorin[/eluser]
@Aken The problem is that the browser doesn't generally re-request the page when you click the back button, it just loads it from the cache. So you either need to prevent the browser from caching it, or use javascript to detect the login and redirect as necessary.