Page 1 of 1

log out function not killing session

Posted: Wed Mar 31, 2010 11:20 pm
by Obadiah
ok so ive got the user loggd in....however when i use

Code: Select all

function clearsessionscookies() 
{ 
    unset($_SESSION['auth']); 
    unset($_SESSION['logname']); 
	$_COOKIE[auth]=="0";
    session_unset();     
    session_destroy(); 
}
attach it to an a tag:

Code: Select all

<a class=\"Logout\" href=\"index.php?action=logout\">
and refer to it later on in the code by

Code: Select all

if ( isset($_GET['action']) && 'logout'===$_GET['action'] ) { 
        clearsessionscookies(); 
} 
it does not work correctly...the page at logout is set to go back to the login screen but if i hit the back button it allows the user back in instead of a "expired" or page cannot be displayed. can anyone assist me with this please! :banghead:

Re: log out function not killing session

Posted: Thu Apr 01, 2010 12:06 am
by s.dot
this should do the trick..

Code: Select all

//kill the session cookie
if(isset($_COOKIE[session_name()]))
{
	setcookie(session_name(), '', time()-42000, '/');
}

//destroy the session
if(!empty($_SESSION))
{
	session_destroy();
}

//set session to an empty array
$_SESSION = array();
Remember, you also have to call session_start(); somewhere before this code (if you don't already)

Re: log out function not killing session

Posted: Thu Apr 01, 2010 1:13 am
by Obadiah
thanks bro...that did the trick of killing the cookie...none of the user info shows up after implementation when i hit the back button....however, is there a way to get that ("webpage has expired") message page you get on other sites when you try to hit the back button after login?

Re: log out function not killing session

Posted: Thu Apr 01, 2010 3:11 am
by phu
Sure there is: Check for where the user is coming from and whether the session would otherwise be active. ;)

It's a pretty arbitrary thing, whether your site expects a user that's new or one that's just logged out.