ankit.pandeyc012 Posted December 28, 2010 Share Posted December 28, 2010 <?php require_once('database.php'); require_once('upper.php'); $LoginId=$_COOKIE['LoginIdCookie']; $query="SELECT * FROM registration WHERE LoginId='$LoginId'"; $result=mysqli_query($dbc,$query) or die('Not Connected'); $row=mysqli_fetch_array($result); if(isset($_COOKIE['LoginIdCookie'])) { setcookie('LoginIdCookie',$row['LoginId'],time()-3600); echo 'Log'; } else { setcookie('AdminCookie','A',time()-3600); } //$home_url='http://'.$_SERVER['HTTP_HOST'].dirname($_SERVER['PHP_SELF']).'/LoginValidator.php'; //header('Location: LoginValidator.php'); echo "You are logged out successfully.<br><br>"; echo $LoginId; //echo "<a href='index1.php'>Back to Home</a>"; require_once('lower.php'); ?> HI friends......... By above code I m not logged out even it displays "You are logged out successfully"..... After click on back button I can do everything..... So plz tell me where I am wrong????? Anyone plzzzzzzzzzz///// Quote Link to comment https://forums.phpfreaks.com/topic/222787-i-want-to-log-out/ Share on other sites More sharing options...
revraz Posted December 28, 2010 Share Posted December 28, 2010 I wouldn't use cookies to determine if you are logged in or not, I would use sessions. Quote Link to comment https://forums.phpfreaks.com/topic/222787-i-want-to-log-out/#findComment-1152013 Share on other sites More sharing options...
PFMaBiSmAd Posted December 28, 2010 Share Posted December 28, 2010 Your code is unconditionally echoing the "You are logged out successfully" message, regardless of if you actually logged out. Did you determine why you could not set cookies in your previous thread, because that may also tell us why you cannot clear the cookies (which is actually just setting the cookie with a time in the past.) You should also NOT have a cookie named 'AdminCookie' because someone will just set that cookie and take over your site. Some of the first open source scripts, like phpbb did this and a lot of web sites were taken over because all you need to do is create a cooke that says you are the administrator to a site. You should rely only on a value stored on the server to determine if any logged in visitor is an administrator. You should just set a unique value in the cookie to identify each visitor and control the logged in/logged out status ONLY using a value stored on the server. The unique value you use should not be easy to guess or reproduce. It should not be a simple integer, such as the auto-increment value from your user table. See the uniqid function for how you might generate a unique and hard to guess and hard to reproduce id. Quote Link to comment https://forums.phpfreaks.com/topic/222787-i-want-to-log-out/#findComment-1152021 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.