automate/force session destroy and cookie erase

[dflow]

what would be the best way to

automate/force session destroy and cookie erase

i have a facebook iframe, with facebook login which gets the activation token

now the user is not logged out from the login script after he logs out of facebook.

 

any ideas how to force cookie timeout without a logout button?

 

im playing with

<?php
session_start();

//Global User Object Var
//loggedInUser can be used globally if constructed
if (isset($_SESSION['userCakeUser'])) {		
	$obj = casttoclass('stdClass', $_SESSION['userCakeUser']);	
	$_SESSION['userCakeUser'] = $obj;

	$_SESSION['start'] = time(); // taking now logged in time
$_SESSION['expire'] = $_SESSION['start'] + (1 * 60) ; // ending a session in 1 minute
}
if(isset($_SESSION["userCakeUser"]) && is_object($_SESSION["userCakeUser"]))
{
	$loggedInUser = $_SESSION["userCakeUser"];
}
?>

[scootstah]

Set the cookie to the past.

 

setcookie('cookie', '', time()-60);

 

Note that you can't force a cookie, the browser chooses to accept it or not.

[dflow]

Set the cookie to the past.

 

setcookie('cookie', '', time()-60);

 

Note that you can't force a cookie, the browser chooses to accept it or not.

 

ok got these scripts

//login page
$_SESSION["userCakeUser"] = $loggedInUser;
		$_SESSION['start'] = time(); // taking now logged in time
$_SESSION['expire'] = $_SESSION['start'] + (1 * 60) ; // ending a session in 1 minute for testing
}


//session timetout include on all pages
//Session Destroy
if(isUserLoggedIn()){
$now = time(); // checking the time now when home page starts
$_SESSION['expire'];

    if($now > $_SESSION['expire'])
    {
        session_destroy();  
    }
}

 

is the logic correct?

it doesnt destroy the session

i want to force the user to login each time session was expired