Jump to content

Archived

This topic is now archived and is closed to further replies.

drranch

need help w/session_destroy()

Recommended Posts

:-\

I'm using a logout script, but when I select the back browser button I'm still logged in.  Here is the code.....

session_start();

if(!isset($_REQUEST['logmeout'])){
    echo "<center>Are you sure you want to logout?</center><br />";
    echo "<center><a href=logout.php?logmeout=true>Yes</a> |
    <a href=javascript:history.back()>No</a>";
} else {
session_destroy();
}
?>

Share this post


Link to post
Share on other sites
so I figured out that this only ends the session on the file system and not the session cookie from the browser.  How would I remove the session cookie from the browser? ???

Share this post


Link to post
Share on other sites
Its a bit of a hack, but maby set it to something that isnt going to be valid. EG  i use "in" and "out" for my logged in session, and it just gets set to "als;dfjnasf" if they are logged out.
and when i validate if they are logged in, obviousally "asdfaSDF" isnt a valid entry, so it rejects them.
Might help.
Cheers,
Nathan

Share this post


Link to post
Share on other sites
A session is set untill you close the browser ok.


you could try unset($session_name); ok

Share this post


Link to post
Share on other sites
when wanting to end a session it is essential that you unset any session variables you have previously set, eg,

session_start();

if(!isset($_REQUEST['logmeout'])){
    echo "<center>Are you sure you want to logout?</center>";
    echo "<center><a href=logout.php?logmeout=true>Yes[/url] |
    <a href=javascript:history.back()>No[/url]";
} else {
[color=green]unset($_SESSION['session_var_here']);[/color]
session_destroy();
}
?>

so you need to use unset(); on any session vars before you call session_destroy() or you will get the the problem you detailed

Share this post


Link to post
Share on other sites
Also read this as a refrence ok.


session_destroy() destroys all of the data associated with the current session. It does not unset any of the global variables associated with the session, or unset the session cookie.

In order to kill the session altogether, like to log the user out, the session id must also be unset. If a cookie is used to propagate the session id (default behavior), then the session cookie must be deleted. setcookie() may be used for that.

Share this post


Link to post
Share on other sites
assuming that the unique session ID is used as part of the authentication method otherwise there is no need to delete the cookie only to unset any global session variables and to call the session destroy function

Share this post


Link to post
Share on other sites
if that was supposed to say 'great' then thanx :)

but not as great as these forums ;)

Share this post


Link to post
Share on other sites
???

So I added the unset $_SESSION["session_id"], but I'm still logged in when I select the browsers back button.  ::)

I'm reading up on this schtuff at .....http://www.captain.at/howto-php-sessions.php

And its making sense more and more....

Share this post


Link to post
Share on other sites

×

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.