pwes24 Posted December 14, 2007 Share Posted December 14, 2007 Hi everyone. I have script to logout a user but I've realized that if after logging out a user can go back in the same browser and view restricted files. This script works only if the user closses the browser window. Any ideas? <?php session_start(); if (isset($_SESSION['user_id'])) { echo "Your username is ".$_SESSION['user_id'].".<br>"; session_destroy(); echo "Your username is still ".$_SESSION['user_id'].".<br>"; $_SESSION = array(); echo "You are now logged out!"; } ?> Quote Link to comment Share on other sites More sharing options...
mrdamien Posted December 14, 2007 Share Posted December 14, 2007 In order to kill the session altogether' date=' like to log the user out, the session id must also be unset. If a cookie is used to propagate the session id (default behavior), then the session cookie must be deleted. setcookie() may be used for that.[/quote'] <?php // Initialize the session. // If you are using session_name("something"), don't forget it now! session_start(); // Unset all of the session variables. $_SESSION = array(); // If it's desired to kill the session, also delete the session cookie. // Note: This will destroy the session, and not just the session data! if (isset($_COOKIE[session_name()])) { setcookie(session_name(), '', time()-42000, '/'); } // Finally, destroy the session. session_destroy(); ?> Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.