
Is this all that's needed to log out?


freelance84


The following snippet of code is from my authenticate page:

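// Compare the submitted password with the password column of the user row
if ($u_pass == $row[2])
{
	session_start();
	// Issue a fresh session ID on login so a pre-login ID cannot be reused
	session_regenerate_id(true);
	$_SESSION['ID']       = $row[0];
	$_SESSION['username'] = $row[1];
	$_SESSION['type']     = $row[3];
	$_SESSION['forename'] = $row[4];
	$_SESSION['surname']  = $row[5];

	// Redirect to the home page for this user type, then stop the script
	if ($row[3] == '1')
	{header("Location: adw-home.php"); exit;}
	elseif ($row[3] == '2')
	{header("Location: nrt-home.php"); exit;}
	elseif ($row[3] == '3')
	{header("Location: rst-home.php"); exit;}
}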

 

The above code seems to work and directs the user to their home page depending on type.

 

The following is my logout code:

<?php
session_start();
session_destroy();
header("location:index.php")
?>

 

The site doesn't create any cookies so is the above logout all I need to log a user out?

 

Sometimes, though, when I'm testing the site in EasyPHP 3.0, when I log in, go through a few pages, then log out, if I just press back in the browser it just goes back into the previous page. But sometimes it does what it's meant to and says "you are not logged in".

 

I'm guessing this is just something quirky with EasyPHP and not closing the browser or something?

Link to comment
Share on other sites

For such a simple login, yes, that's almost all you really need. You also want to unset() all your $_SESSION variables. For example:

unset($_SESSION['ID']);

 

You can add that for all your variables, and it will pretty much erase the value from memory to prevent the variables from still being on the system. See session_destroy() for more information. The page pretty much has a description of why what I said is needed at the top of the page.

Link to comment
Share on other sites

I have now changed my logout.php to the following:

<?php
session_start();
unset($_SESSION['ID']);
unset($_SESSION['username']);
unset($_SESSION['type']);
unset($_SESSION['forename']);
unset($_SESSION['surname']);
session_destroy();
header("location:index.php")
?>

 

However on one of my pages I can still simply press back after pressing logout to go back into the page. The page in question looks like the following:

 

<?php
session_start();
if (isset($_SESSION['username']))
{
	// Copy the session values into local variables
	$u_ID = $_SESSION['ID'];
	$u_name = $_SESSION['username'];
	$u_type = $_SESSION['type'];
	$u_forename = $_SESSION['forename'];
	$u_surname = $_SESSION['surname'];
	// Only user type 2 may see this page
	if ($u_type == 2)
	{
		// ............... content of the page
	}
	else echo "Sorry something has gone wrong with your user type, please contact site admin. Thank you.";
}
else echo "You are not logged in. Please <a href='index.html'>click here</a> to log in.";
?>

Link to comment
Share on other sites

I've just realised I had a global on this page:

if(isset($_POST['class_name']))
		{
			$class_name = get_post('class_name');
			global $class_name;
		}

 

I have now changed this and every occurrence of this global to an array:

$class_name = array();
	if(isset($_POST['class_name']))
		{
			$class_name_get = get_post('class_name');
			array_push ($class_name, $class_name_get);
		}

 

But it still just lets me press back.

 

When I do press back, I can see the contents of the page, a form, but it won't let me send as it says I'm logged out.

Link to comment
Share on other sites

And... a slightly more interesting point.

 

The log out works in IE6 & Chrome 4.1

 

The log out works to an extent (when I press back I can see the content of the page but not send data with form) in:

Firefox 3.05 and Safari 4.05

 

(all of which are running on winXPpro version 5.1)

Link to comment
Share on other sites

OK, I've now found that when I log out I can simply press back and still view the page because it is stored on the client's computer. The actual script doesn't rerun but will still show the page. As soon as the browser tries to re-run the script again it can't, as the user has logged out and destroyed the session.

 

I tried adding the nocache/pragma in the headers but this didn't solve anything. I later found that there is very little that can be done to prevent the browser from doing this. One workaround is to add JavaScript to the page (but I am trying to create my site with no JavaScript).

 

The reason this problem doesn't exist on Chrome and IE6 is because these browsers have a built-in function which forces the user to reload/refresh a page if there has been any POST to the site. This then obviously makes the browser realise the session has been destroyed.

 

I downloaded Firefox 3.6 and found this version also has this function built in. Don't know about Safari. But then I'm not a fan of the granny smith world.

 

Hope this helps anyone who comes across the same problem in the future.

 

 

Link to comment
Share on other sites
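
An added example, not code from any poster in this thread: a fuller logout together with a guard for protected pages, following the session_destroy() manual page the reply above points to. The function names require_login() and logout() are hypothetical, and the code assumes PHP 7.1 or later with PHP's default cookie-based session handling.

```php
<?php
// Added example: hypothetical helpers, not code from the thread.

// Call at the top of every protected page, before any output is sent.
function require_login(string $loginUrl = 'index.php'): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    // Ask the browser and any proxy not to store this response, so a
    // "back" after logout has to request the page from the server again.
    header('Cache-Control: no-store, no-cache, must-revalidate, max-age=0');
    header('Pragma: no-cache');
    header('Expires: 0');

    // The server-side check is what actually enforces access.
    if (!isset($_SESSION['username'])) {
        header('Location: ' . $loginUrl);
        exit; // stop here so no protected content is sent
    }
}

// Call from logout.php.
function logout(string $redirectUrl = 'index.php'): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    $_SESSION = []; // clears every session variable at once

    // PHP keeps the session ID in a cookie (PHPSESSID unless renamed),
    // even when the site sets no cookies of its own; expire it as well.
    if (ini_get('session.use_cookies')) {
        $p = session_get_cookie_params();
        setcookie(session_name(), '', time() - 42000,
            $p['path'], $p['domain'], $p['secure'], $p['httponly']);
    }

    session_destroy(); // removes the server-side session data
    header('Location: ' . $redirectUrl);
    exit;
}
```

The cache headers are only a request to the browser; a page that was already stored before they were added can still be shown from history until it is fetched again.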
