ksmatthews Posted May 7, 2008

Hi all,

I am having some problems with my session functionality. To protect my pages from unauthorised viewing / login I have placed the following at the top of each php page ...

```php
// START page session functionality +++++++++++++++++++++++++++++
// start new session or revert to an existing session
session_start();

// check session var
if (!isset($_SESSION['login'])) {
    header('Location: index.php');
    exit; // stop here so the protected page is not sent after the redirect
} else {
    if ($_SESSION['login'] < time()) { // testing for session expiry
        header('Location: index.php');
        exit; // stop here so an expired session is not renewed below
    }
    // reset expiry time for each page reload
    $_SESSION['login'] = time() + SESSION_EXPIRY;
}
// END page session functionality ++++++++++++++++++++++++++++++
```

When logging out I run this ....

```php
// re-start existing session
session_start();

// Unset all of the session variables.
$_SESSION = array();

// destroy session
session_destroy();

// go to login page
header('Location: index.php');
```

This all SEEMS to work BUT if I click the back button enough times, I can return to earlier pages WITHOUT having logged in again !!!

Any suggestions would be helpful,

regards, Steven M :'(

ToonMariner Posted May 7, 2008

To destroy a session use unset($_SESSION) followed by destroy.

blackcell Posted May 7, 2008

I have a problem that is somewhat the same. I do an individual test to see if all my session vars are set and if one is not, it will return the user to the login page. Sometimes I get timed out, which is expected. But other times I can leave the page open for days and as long as I don't log out I can browse around.

rhodesa Posted May 7, 2008

Are you sure it's logging you back in and it's not just the browser caching the page? If you hit the browser back button a bunch till you get to one of the 'secure' pages, and then hit refresh, it doesn't require you to login again?

The Little Guy Posted May 7, 2008

Try this:

```php
<?php
// Initialize the session.
// If you are using session_name("something"), don't forget it now!
session_start();

// Unset all of the session variables.
$_SESSION = array();

// If it's desired to kill the session, also delete the session cookie.
// Note: This will destroy the session, and not just the session data!
if (isset($_COOKIE[session_name()])) {
    setcookie(session_name(), '', time()-42000, '/');
}

// Finally, destroy the session.
session_destroy();
?>
```

ksmatthews Posted May 7, 2008

Hi guys,

Thanks for your useful comments and support. The last comment about using session_name() was very useful,

regards, Steven M

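The two points raised in the thread (rhodesa's question about browser caching and The Little Guy's cookie-clearing logout) combined into one page guard, as an added example that is not code from any poster. It assumes PHP 7.1 or later; the function names and the `SESSION_EXPIRY` value are hypothetical.

```php
<?php
// Added example, not code from the thread. SESSION_EXPIRY's value and the
// function names are assumptions made for illustration.
const SESSION_EXPIRY = 900; // seconds of allowed inactivity (assumed value)

// Expiry rule kept separate: valid only if the stamp is set and not past.
function login_is_valid(array $session, int $now): bool
{
    return isset($session['login']) && $session['login'] >= $now;
}

// Logout: clear server-side data, expire the cookie, destroy the session.
function end_session(): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    $_SESSION = [];
    if (ini_get('session.use_cookies')) {
        $p = session_get_cookie_params();
        // Reuse the original cookie's path/domain/flags; otherwise the
        // browser treats this as a different cookie and keeps the old one.
        setcookie(session_name(), '', time() - 42000,
            $p['path'], $p['domain'], $p['secure'], $p['httponly']);
    }
    session_destroy();
}

// Call at the top of every protected page, before any output.
function require_login(): void
{
    session_start();

    // Ask the browser and proxies not to store this response, so the back
    // button must re-request the page instead of showing a saved copy.
    header('Cache-Control: no-store, no-cache, must-revalidate, max-age=0');
    header('Pragma: no-cache');
    header('Expires: 0');

    if (!login_is_valid($_SESSION, time())) {
        end_session();
        header('Location: index.php');
        exit; // without this the rest of the protected page still runs
    }
    // Sliding expiry: only a session that is still valid gets extended.
    $_SESSION['login'] = time() + SESSION_EXPIRY;
}
```

With the cache headers in place, pressing back after logout causes a fresh request, which then fails `login_is_valid()` and redirects to the login page.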