How to destroy session variables on Logout?

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
aingham
Forum Newbie
Posts: 1
Joined: Wed Dec 09, 2009 5:01 am

How to destroy session variables on Logout?

Post by aingham »

Hi All,

I have a standard situation where I am using PHP sessions and I want to log a user out. The logout function is essentially as follows:

Code: Select all

function logout() {
  @ $olduser = $_SESSION['userid'];
  $_SESSION = array();
  $result_destroy = session_destroy();
  if (!empty($olduser)) {
    if ($result_destroy) {
      $data['logout_msg'] = 'You have been logged out successfully.';
    } else {
      $data['logout_msg'] = 'Could not log you out.';
    }
  } else {
    $data['logout_msg'] = 'You were not logged in, and so have not been logged out.';
  }
}
This seems to log the user out successfully and remove session variables. However, if I use the page back button in the browser, to a page where user was logged in, then all the session variables 'reappear' and user is seen as being logged in.

How can this be possible if session variables only exist on server side and they've been destroyed?!

Very confused,

Andy
User avatar
jackpf
DevNet Resident
Posts: 2119
Joined: Sun Feb 15, 2009 7:22 pm
Location: Ipswich, UK

Re: How to destroy session variables on Logout?

Post by jackpf »

Loaded from cache. They're not really logged in.
Post Reply