Page 1 of 1
HOW? to clean the $_SESSION array in the LogIn page
Posted: Thu Aug 22, 2002 4:43 pm
by reverse
How to fix this ? Simple question but I like to do it right the first time (this is the first time I write PHP $_SESSION ). Please make your suggestion.
I have a login page with USERID and PASSWORD text fields. The submit button will called checkuser.php file. In the checkuser.php file, $_SESSION will get values assign to it:
$_SESSION["username"] = $txtusername;
$_SESSION["customer_id"] = session_id();
And the code will call mySQL to check whether USERID and PASSWORD existed in mySQL database. If success , it will load the menu.php page.
If user hit the CRTL + BACK keys in from the menu.php page. I like to make the user have to login again.
How to clean out the $_SESSION ?
How to clean session_id() ?
Thank in advance

Posted: Thu Aug 22, 2002 4:47 pm
by protokol
session_destroy()
HOW? to clean the $_SESSION array in the LogIn page
Posted: Fri Aug 23, 2002 10:12 am
by reverse
Hi,
I could be wrong , but CTRL + BACK keys just load the page again from cache, and since it does not send a request to server any PHP scripts will not run.
Any other options at all? ( please no punt intended )
Thanks

Posted: Fri Aug 23, 2002 10:25 am
by jason
Well, you sort of answered that question yourself then.

HOW? to clean the $_SESSION array in the LogIn page
Posted: Fri Aug 23, 2002 11:28 am
by reverse
Jason,
Does that mean no other options? hmmmmm am I stuck?

Posted: Fri Aug 23, 2002 11:34 am
by nielsene
You might be able to develop something using client side code and some kind of nonce/timestamp. Sending some no-cache and similar headers might help on some non-conforming browsers, but proper browser are supposed to never generate a server request on forward/back. You could also try using a input field of type password, most browsers clear that automatically, for your cc numbers (of course that makes it hard for the user to input it.)
Posted: Fri Aug 23, 2002 11:34 am
by jason
Well, let me ask you this: Why do you want the user to login again after they have logged in?
Posted: Fri Aug 23, 2002 11:38 am
by hob_goblin
Just make the script check if a user is logged in. if they are do a session_destroy, and header to itself. also put a header on the top removing the cache so the page will refresh
HOW? to clean the $_SESSION array in the LogIn page
Posted: Fri Aug 23, 2002 12:07 pm
by reverse
Thank all for suggestion.
What I am trying to do is: users login using domain name as userid.
Once they are logging in correctly, then I created a session to track that particular user. Everything work fine except when a user might have 2 domain names and he/she decide to go back to the LOGIN page after he/she already logged in to login with a different domain name.
That why I want to destroy the SESSION and start a new SESSION "everytime" user is logging in.
Thanks
Posted: Fri Aug 23, 2002 2:58 pm
by Takuma
I would recommend using session_unset and session_destroy.