logout?

[techker]

hey guys i have a script i did  and i need help with my logout?

 

im using sessions.

 

<?php
session_start();
if(!session_is_registered(myusername)){
header("location:index.php");
}?>

[DarkWater]

Uhh...I hope you're not using session_register, session_unregister, and session_is_registered, considering that they're horribly deprecated.

[techker]

why is that?

[kenshintomoe225]

When you load your logout page, make a call to session_destroy();

That'll end the session completely.

 

Also, its usually not good practice to make use of deprecated functions as they aren't supported, and can potentially cause problems with newly added functions, or other parts of your application.

[techker]

would this be good?

 

<?php
session_start();
if(!session_is_registered(myusername)){
header("location:index.php");

session_destroy();
}

?>

[DarkWater]

They're really deprecated.  You should be using the $_SESSION superglobal.

[techker]

no im thinking of this..

 

<?php 

if(isset($submit)) 
{ 
session_destroy(); 
} 

?> 

[DarkWater]

You need to have a session started before using session_destroy().

[techker]

ya they are logged in already.

 

how can i echo the user that just loggin?

[DarkWater]

session_start() needs to be called on EVERY single page, even the one with session_destroy().

[techker]

well it is on the top of every page for security..

 

and the destroy will be a button on the main page to.

 

with this

<?php 

if(isset($submit)) 
{ 
session_destroy(); 
} 

?> 



is there a way to fetch the username?

i was thinking to grab it from myusername

session_start();
if(!session_is_registered(myusername)){
header("location:index.php");

session_destroy();
}

 

 

[PFMaBiSmAd]

Session_destroy() just deletes the session data file. Any $_SESSION variables in the current script will cause the session data file to be recreated with those value in it when the script ends.

 

All the various code to unset session variables, destroy sessions, and unset the session cookie is wasted processing time and wasted bandwidth. The simplest code, which is also the most reliable way of logging someone out, is to just have a logged in/logged out column in your user table in your database and just set the value to the logged out state.

[kenshintomoe225]

That sounds like a great idea! 

[PFMaBiSmAd]

The following link contains some posts listing other advantages of just using a cookie/session to identify the visitor, but using value(s) stored in the user table to decide what they can do - http://www.phpfreaks.com/forums/index.php/topic,221684.0.html

 

Short version - even if someone is logged out, you can still keep the information that identifies who they are. And what if the session holds a language setting, do you want a multi-language web site to change to a default language just because someone logs out and you have unset/destroyed the session?

[techker]

thx guys i will study this.