HOW? to clean the $_SESSION array in the LogIn page

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
reverse
Forum Newbie
Posts: 4
Joined: Thu Aug 22, 2002 4:43 pm
Contact:

HOW? to clean the $_SESSION array in the LogIn page

Post by reverse »

How to fix this ? Simple question but I like to do it right the first time (this is the first time I write PHP $_SESSION ). Please make your suggestion.

I have a login page with USERID and PASSWORD text fields. The submit button will called checkuser.php file. In the checkuser.php file, $_SESSION will get values assign to it:

$_SESSION["username"] = $txtusername;
$_SESSION["customer_id"] = session_id();

And the code will call mySQL to check whether USERID and PASSWORD existed in mySQL database. If success , it will load the menu.php page.

If user hit the CRTL + BACK keys in from the menu.php page. I like to make the user have to login again.

How to clean out the $_SESSION ?

How to clean session_id() ?

Thank in advance

:?: :P
User avatar
protokol
Forum Contributor
Posts: 353
Joined: Fri Jun 21, 2002 7:00 pm
Location: Cleveland, OH
Contact:

Post by protokol »

session_destroy()
reverse
Forum Newbie
Posts: 4
Joined: Thu Aug 22, 2002 4:43 pm
Contact:

HOW? to clean the $_SESSION array in the LogIn page

Post by reverse »

Hi,

I could be wrong , but CTRL + BACK keys just load the page again from cache, and since it does not send a request to server any PHP scripts will not run.

Any other options at all? ( please no punt intended )

Thanks
:P
jason
Site Admin
Posts: 1767
Joined: Thu Apr 18, 2002 3:14 pm
Location: Montreal, CA
Contact:

Post by jason »

Well, you sort of answered that question yourself then. :D
reverse
Forum Newbie
Posts: 4
Joined: Thu Aug 22, 2002 4:43 pm
Contact:

HOW? to clean the $_SESSION array in the LogIn page

Post by reverse »

Jason,

Does that mean no other options? hmmmmm am I stuck?

:P
User avatar
nielsene
DevNet Resident
Posts: 1834
Joined: Fri Aug 16, 2002 8:57 am
Location: Watertown, MA

Post by nielsene »

You might be able to develop something using client side code and some kind of nonce/timestamp. Sending some no-cache and similar headers might help on some non-conforming browsers, but proper browser are supposed to never generate a server request on forward/back. You could also try using a input field of type password, most browsers clear that automatically, for your cc numbers (of course that makes it hard for the user to input it.)
jason
Site Admin
Posts: 1767
Joined: Thu Apr 18, 2002 3:14 pm
Location: Montreal, CA
Contact:

Post by jason »

Well, let me ask you this: Why do you want the user to login again after they have logged in?
User avatar
hob_goblin
Forum Regular
Posts: 978
Joined: Sun Apr 28, 2002 9:53 pm
Contact:

Post by hob_goblin »

Just make the script check if a user is logged in. if they are do a session_destroy, and header to itself. also put a header on the top removing the cache so the page will refresh
reverse
Forum Newbie
Posts: 4
Joined: Thu Aug 22, 2002 4:43 pm
Contact:

HOW? to clean the $_SESSION array in the LogIn page

Post by reverse »

Thank all for suggestion.

What I am trying to do is: users login using domain name as userid.

Once they are logging in correctly, then I created a session to track that particular user. Everything work fine except when a user might have 2 domain names and he/she decide to go back to the LOGIN page after he/she already logged in to login with a different domain name.

That why I want to destroy the SESSION and start a new SESSION "everytime" user is logging in.

Thanks
User avatar
Takuma
Forum Regular
Posts: 931
Joined: Sun Aug 04, 2002 10:24 am
Location: UK
Contact:

Post by Takuma »

I would recommend using session_unset and session_destroy.
Post Reply