You can’t prevent someone from using the back button. You need a redirect on your login page or an error message right before the user session is set if they are logged in.
top of php file that contains your login form, and the actual login log if seperate:
if(isset($_SESSION['username'])) {
header("Location: /"); // redirects them to homepage
exit; // for good measure
}
Now if the user presses back, they simply go to the homepage and no logic is run.