PFMaBiSmAd Posted June 12, 2012 Share Posted June 12, 2012 You actually haven't stated what is happening when you try to log out that isn't working. What is happening and what do you expect to happen? Quote Link to comment https://forums.phpfreaks.com/topic/263637-correctly-destroy/page/2/#findComment-1353139 Share on other sites More sharing options...
hackalive Posted June 12, 2012 Author Share Posted June 12, 2012 Well when I log-out the cookie should delete - it is currently not deleting no matter all the code I try (above). @PFMaBiSmAd If you can provide a link to a script/tutorial for the correct login/logout procedure you outlined before that uses db & sessions/cookies I am more than willing to chuck my code out and use yours. (As a side note what do you think of this http://www.devshed.com/c/a/PHP/Creating-a-Secure-PHP-Login-Script/) Quote Link to comment https://forums.phpfreaks.com/topic/263637-correctly-destroy/page/2/#findComment-1353149 Share on other sites More sharing options...
silkfire Posted June 12, 2012 Share Posted June 12, 2012 Hackalive, what cookie are you talking about? The session cookie is supposed to be on the user's computer until he shuts down the browser. Quote Link to comment https://forums.phpfreaks.com/topic/263637-correctly-destroy/page/2/#findComment-1353156 Share on other sites More sharing options...
PFMaBiSmAd Posted June 12, 2012 Share Posted June 12, 2012 cookie should delete Why would you need to do that? Deleting the session variable that your code uses to indicate the logged in state is enough. Also, php cannot actually delete a cookie. All you are actually doing is setting the cookie's expire time in the past so that the browser no longer sends it to the server with the page request. The cookie is still present on the client's computer. The only actual way of deleting a cookie is to delete the cookie file by going to the computer and using the browser or the file system to delete it. To 'delete' a cookie you must use the same name, path, domain, secure, and httponly parameters in the setcookie() statement that were used when the cookie was created. Otherwise, you are actually trying to set a different cookie. Quote Link to comment https://forums.phpfreaks.com/topic/263637-correctly-destroy/page/2/#findComment-1353158 Share on other sites More sharing options...
silkfire Posted June 12, 2012 Share Posted June 12, 2012 Also, when you have a variable like $_SESSION['logged_in'] there's no way to check that without first starting a session. So you got it all wrong mate. Quote Link to comment https://forums.phpfreaks.com/topic/263637-correctly-destroy/page/2/#findComment-1353160 Share on other sites More sharing options...
Jessica Posted June 12, 2012 Share Posted June 12, 2012 During logoff, $_SESSION = array() will remove that variable and the user will be logged off. logout.php session_name('s'); session_start(); session_unset(); session_destroy(); ALSO ini_set('display_errors',1); error_reporting(E_ALL); session_name('s'); session_start(); session_unset(); session_destroy(); returns no errors - just a blank page. No, it's NOT. Quote Link to comment https://forums.phpfreaks.com/topic/263637-correctly-destroy/page/2/#findComment-1353196 Share on other sites More sharing options...
hackalive Posted June 12, 2012 Author Share Posted June 12, 2012 cookie should delete Why would you need to do that? Deleting the session variable that your code uses to indicate the logged in state is enough. Also, php cannot actually delete a cookie. All you are actually doing is setting the cookie's expire time in the past so that the browser no longer sends it to the server with the page request. The cookie is still present on the client's computer. The only actual way of deleting a cookie is to delete the cookie file by going to the computer and using the browser or the file system to delete it. To 'delete' a cookie you must use the same name, path, domain, secure, and httponly parameters in the setcookie() statement that were used when the cookie was created. Otherwise, you are actually trying to set a different cookie. Of course your going to provide a link to a login script that matches all of this and the db stuff your discussed previously. Quote Link to comment https://forums.phpfreaks.com/topic/263637-correctly-destroy/page/2/#findComment-1353337 Share on other sites More sharing options...
hackalive Posted June 17, 2012 Author Share Posted June 17, 2012 Of course you wouldn't. Quote Link to comment https://forums.phpfreaks.com/topic/263637-correctly-destroy/page/2/#findComment-1354551 Share on other sites More sharing options...
Jessica Posted June 18, 2012 Share Posted June 18, 2012 He never said anything about a database, and you've refused to try the suggestions made to you. Quote Link to comment https://forums.phpfreaks.com/topic/263637-correctly-destroy/page/2/#findComment-1354931 Share on other sites More sharing options...
hackalive Posted June 24, 2012 Author Share Posted June 24, 2012 First, I tried every suggestion. Feel free to prove me wrong. Also "You should be solely using a value on the server to determine if someone is logged in or not." was never explained or exampled by him. Quote Link to comment https://forums.phpfreaks.com/topic/263637-correctly-destroy/page/2/#findComment-1356515 Share on other sites More sharing options...
Jessica Posted June 25, 2012 Share Posted June 25, 2012 So you tried doing $_SESSION = array(); in your logoff script? What he was talking about is not relying on a COOKIE for determining if someone is logged in, but only using the SESSION (which is stored on your server, not in a database). You shouldn't check if the cookie is set, you should check the session. It's that simple. Quote Link to comment https://forums.phpfreaks.com/topic/263637-correctly-destroy/page/2/#findComment-1356839 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.