How to destroy session variables on Logout?
Posted: Wed Dec 09, 2009 5:29 am
Hi All,
I have a standard situation where I am using PHP sessions and I want to log a user out. The logout function is essentially as follows:
This seems to log the user out successfully and remove session variables. However, if I use the page back button in the browser, to a page where user was logged in, then all the session variables 'reappear' and user is seen as being logged in.
How can this be possible if session variables only exist on server side and they've been destroyed?!
Very confused,
Andy
I have a standard situation where I am using PHP sessions and I want to log a user out. The logout function is essentially as follows:
Code: Select all
function logout() {
@ $olduser = $_SESSION['userid'];
$_SESSION = array();
$result_destroy = session_destroy();
if (!empty($olduser)) {
if ($result_destroy) {
$data['logout_msg'] = 'You have been logged out successfully.';
} else {
$data['logout_msg'] = 'Could not log you out.';
}
} else {
$data['logout_msg'] = 'You were not logged in, and so have not been logged out.';
}
}How can this be possible if session variables only exist on server side and they've been destroyed?!
Very confused,
Andy