pwes24 Posted December 14, 2007 Share Posted December 14, 2007 Hi everyone. I have script to logout a user but I've realized that if after logging out a user can go back in the same browser and view restricted files. This script works only if the user closses the browser window. Any ideas? <?php session_start(); if (isset($_SESSION['user_id'])) { echo "Your username is ".$_SESSION['user_id'].".<br>"; session_destroy(); echo "Your username is still ".$_SESSION['user_id'].".<br>"; $_SESSION = array(); echo "You are now logged out!"; } ?> Link to comment https://forums.phpfreaks.com/topic/81742-http_auth-log-out/ Share on other sites More sharing options...
mrdamien Posted December 14, 2007 Share Posted December 14, 2007 In order to kill the session altogether' date=' like to log the user out, the session id must also be unset. If a cookie is used to propagate the session id (default behavior), then the session cookie must be deleted. setcookie() may be used for that.[/quote'] <?php // Initialize the session. // If you are using session_name("something"), don't forget it now! session_start(); // Unset all of the session variables. $_SESSION = array(); // If it's desired to kill the session, also delete the session cookie. // Note: This will destroy the session, and not just the session data! if (isset($_COOKIE[session_name()])) { setcookie(session_name(), '', time()-42000, '/'); } // Finally, destroy the session. session_destroy(); ?> Link to comment https://forums.phpfreaks.com/topic/81742-http_auth-log-out/#findComment-415214 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.