Page 1 of 1

Logout (cookies+session)

Posted: Sun Oct 17, 2004 5:30 am
by vigge89
I've got a problem with my logout page, whenever I try to logout, the cookies & session is still set. Here's my code for the login form (the part where the cookies and session info is set):

Code: Select all

<?php
## set cookie information if requested (lasts 20 days)
if ($_POST['rem'] != "on") { // clear cookies
	@setcookie ('uid'); // uid - null
	@setcookie ('pwd'); // pwd - null
} else { // set cookies
	@setcookie ("uid", $uname, time() + (60*60*24*20)); // username
	@setcookie ("pwd", $upass, time() + (60*60*24*20)); // md5 hashed password
} // check checkbox value
?>
Here's the logout page:

Code: Select all

<?php
if (!$_SESSION['admin']) #### only allow acces to logged in admins
	header ('location: /p/login/');

## clear cookies
setcookie ('uid'); // uid - null
setcookie ('pwd'); // pwd - null
unset ($_COOKIE, $_SESSION);

### end session
session_destroy ();
?>
Somehow, the cookies/session is kept, becuase I get logged in again when I open the admin page (which checks if im logged in, duh ;) ).

I'm using an auto-login, here's the code for it (is included on every page):

Code: Select all

<?php
####### are there any cookies with information on the visitor? (username, password, etc.)
if (!empty ($_COOKIE['uid']) && !empty ($_COOKIE['pwd']) && !isset ($_SESSION['admin'])) { // cookies exists and user isn't already logged in

$query['autologin'] = @mysql_query ("SELECT * FROM `admins` WHERE `name` = '{$_COOKIE['uid']}'");
$autologin = @mysql_fetch_assoc ($query['autologin']);

if (!empty ($autologin['name']) && $_COOKIE['pwd'] == $autologin['password']) { // user exists and passwords match
	### set session variables
	$_SESSION['admin']	= true;
	$_SESSION['user']	= $autologin['name'];
} // user exists and passwords match

} // cookies exists
?>
Any ideas?
Thanks in advance, vigge

Posted: Sun Oct 17, 2004 7:45 am
by kettle_drum
Set the cookie to expire an hour ago when you want to remove it.

Code: Select all

## clear cookies
setcookie ('uid', '', time()-3600); // uid - null
setcookie ('pwd', '', time()-3600); // pwd - null

Posted: Sun Oct 17, 2004 10:07 am
by John Cartwright
And just in case

$_SESSION = array();

Posted: Sun Oct 17, 2004 10:23 am
by vigge89
i tried both your code out, but I still get automaticly logged in :/

$_SESSION['admin'] seems to still be set to true, if if logout, and then try top open the admin page, i get redirected to the loginpage (where it checks if $_SESSION['admin'] is set, and if it is, u get sent back to adminpage), and then back to the adminpage.

Posted: Mon Oct 18, 2004 12:06 pm
by vigge89
Finally found a solution, I had to add '/' as the cookie-path for it too work on the login/logout setcookie() functions.
like this:

Code: Select all

//logout
@setcookie ('uid', '', time()-3600, '/');

//login
@setcookie ("uid", $uname, time() + (60*60*24*20), '/');