Jump to content

[SOLVED] WHY WONT <? session_start(); session_destroy(); ?> log me out?


Recommended Posts

i made a login script with the ability to acess the members only page if ur logged in correctly (the session set to true)

now when i go to my singout page which has this code

i can still acess my members only page and am still signed in?

how do i sign out?

 

<?
session_start();
session_destroy();
?>

isnt working

Link to comment
https://forums.phpfreaks.com/topic/158835-solved-why-wont-log-me-out/
Share on other sites

eRott, you will still need to Initialize the session first

 

Aye. Sorry, I probably should have clarified that. Yes, I know it  needs to be initialized first. Myself, I use it as a function.

 

function user_logout()
{
// End the session and unset all vars
session_unset();
session_destroy();
}

 

The session is already started elsewhere on the page.

 

Sorry for the confusion.

  • 5 months later...

I mean it trashes the session ID, (could cause problems with other sessions etc)

basically bad practice

using session_unset is fine

however I would recommend you us this as it also clears the cookie as sometimes the sessions don't clear from the server this will also clear the link from the client

 

try

<?php
session_start();
$_SESSION = array();
if (isset($_COOKIE[session_name()])) {
    setcookie(session_name(), '', time()-42000, '/');
}
session_destroy();
?>

session_start(); //yes, you still have to start the session
session_unset();
session_destroy();
if (isset($_COOKIE[session_name()])) {
    setcookie(session_name(), '', time()-55, '/');
}

 

so i dont have to add ANYTHING ELLSE? that is taken from the page exactly to signout.

?

add

$_SESSION = array();

under

session_start()

it will clear the session details, yes i know your deleting them but its a just in case measure,

 

you could also redirect them to the home page

ie

at the end add

header("Location: index.php");

all your doing is removing details then removing the item itself

 

Now just say the session didn't get removed from the server (for whatever reason) that means the users details are still floating around on the server waiting to timeout right ?

 

Well by setting the details to an empty array they are no use to anyone so it doesn't matter as much compared to then holding valid user details.

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.