hi all, i came across a web site which offered online payment option e.g credit cards etc and after making the payment i was surprised to see i could click on the "back" button and get back to the web page where i entered all my credit card details !!! my fellow friends argued that the transaction went over https so it was secure but my problem is that i think the session should be expired after the payment has been made so no-one can go back and view the details entered ?? please throw some light on this if you can.