I prefer AJAX Method, when back(or forward) occurred all js variables(page scope) have old-values. firstly you product a JS variable with time
(Server) then check this value by AJAX.when Hacker(Super-Beginner) want to access url via back/forward , this method show alert('You are Hacker.Oops')
and change location.
page.php
<script type="text/javascript">
<?php $expire=time()+120; // 2 minute
$expire_hash=md5($expire+'SECRET-KEY'); // optional for security purposes
?>
$.get('anti-back-forward.php?<?php echo "expire=$expire&expire_hash=$expire_hash"?>',
function(content){
if(content=='BAD'){
alert('You are hacker.Oops');
window.location='index.php';
}
});
</script>
anti-back-forward.php
extract($_GET);
if(($expire<time()) || $expire_hash!=md5($expire+'SECRET-KEY'))
die('BAD');
echo "OK";