ksmatthews Posted May 7, 2008 Share Posted May 7, 2008 HI All, I am having some problems with my session functionality. To protect my pages from unauthorised viewing / login I have placed the following at the top of each php page ... // START page session functionality +++++++++++++++++++++++++++++ // start new session or revert to an existing session session_start(); // check session var if(!isset($_SESSION['login'])) { header( 'Location: index.php' ); } else { if($_SESSION['login'] < time()) // testing fot session expiry header( 'Location: index.php' ); // reset expiry time for each page reload $_SESSION['login'] = time() + SESSION_EXPIRY; } // END page session functionality ++++++++++++++++++++++++++++++ When logging out I run this .... // re-start existing session session_start(); // Unset all of the session variables. $_SESSION = array(); // destroy session session_destroy(); // go to login page header( 'Location: index.php' ); This all SEEMS to work BUT if I click the back button enough times, I can return to earlier pages WITHOUT having logged in again !!! Any suggestions would be helpful, regards, Steven M :'( Link to comment https://forums.phpfreaks.com/topic/104562-logging-out-not-working/ Share on other sites More sharing options...
ToonMariner Posted May 7, 2008 Share Posted May 7, 2008 to destroy a session use unset($_SESSION) followed by destroy. Link to comment https://forums.phpfreaks.com/topic/104562-logging-out-not-working/#findComment-535250 Share on other sites More sharing options...
blackcell Posted May 7, 2008 Share Posted May 7, 2008 I have a problem that is somewhat the same. I do an individual test to see if all my sessions vars are set and if one is not, it will return the user to the login page. Sometimes I get timed out, which is expected. But other times I can leave the page open for days and as long as I don't log out I can browse around. Link to comment https://forums.phpfreaks.com/topic/104562-logging-out-not-working/#findComment-535253 Share on other sites More sharing options...
rhodesa Posted May 7, 2008 Share Posted May 7, 2008 Are you sure it's logging you back in and it's not just the browser caching the page? If you hit the browser back button a bunch till you get to one of the 'secure' pages, and then hit refresh, it doesn't require you to login again? Link to comment https://forums.phpfreaks.com/topic/104562-logging-out-not-working/#findComment-535254 Share on other sites More sharing options...
The Little Guy Posted May 7, 2008 Share Posted May 7, 2008 Try this: <?php // Initialize the session. // If you are using session_name("something"), don't forget it now! session_start(); // Unset all of the session variables. $_SESSION = array(); // If it's desired to kill the session, also delete the session cookie. // Note: This will destroy the session, and not just the session data! if (isset($_COOKIE[session_name()])) { setcookie(session_name(), '', time()-42000, '/'); } // Finally, destroy the session. session_destroy(); ?> Link to comment https://forums.phpfreaks.com/topic/104562-logging-out-not-working/#findComment-535283 Share on other sites More sharing options...
ksmatthews Posted May 7, 2008 Author Share Posted May 7, 2008 hI Guys, Thanks for your useful comments and support. THe last comment about using session_name() was very useful, regards, Steven M Link to comment https://forums.phpfreaks.com/topic/104562-logging-out-not-working/#findComment-535291 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.