Page 1 of 1

Logout page

Posted: Thu Apr 12, 2007 6:03 pm
by enemeth
Hi there , i got this script that seems to work but only does half the job , can someone look it over and let me know why it is doing what it is doing

Code: Select all

<?php
    // This blurb starts the session for the users.
   session_start();
    header("Cache-control: private"); // Fix for ie6
?>
<?php include 'headermem.php'; ?>
<center><font color=white> Are you sure you want to logout?</font></center><br> 
<center><a href=/index.php>Yes</a> | <?php unset($_SESSION['username']); session_destroy();
?>
<a href=javascript:history.back()>No</a>"; }
<?php include 'footermem.php'; ?>
first of all , you click on the log out link, which brings you to this page , that asks you if you want to log out , yes or no,
you click on no it brings you back to the page you were at before, you click yes and it brings you back to the index.php logging you off,

this is what i need it to do ! it does it all, even logs the people out , but the problem is , right when you click on the initial link to get to the log out page, it logs you out, you dont even have to click on yes, so if someone clicks on the logout link from any other page lets say by mistake it logs you out! how do i stop it from logging you out right away and only log you out when you click yes?

any ideas?

Thank you

Elaine

Posted: Thu Apr 12, 2007 6:14 pm
by aaronhall
Always encapsulate HTML properties in double-quotes

Code: Select all

<a href="javascript:history.back()">
You could also use $_SERVER['HTTP_REFERER'] as a reference to the previous page

Posted: Thu Apr 12, 2007 6:51 pm
by RobertGonzalez
You need to wrap the session destruction in a conditional. Right now if the page loads the session ends.

Posted: Thu Apr 12, 2007 7:10 pm
by enemeth
can you give me an example of this conditional for the sessions?

Elaine

Posted: Thu Apr 12, 2007 7:24 pm
by John Cartwright

Code: Select all

if (isset($_GET['confirm'])) {
   //do logout
}
and to trigger this, you would append ?confirm=true to your link.

Posted: Thu Apr 12, 2007 7:52 pm
by enemeth
ok quick question, i cant get it ,

does a session time out after a while?

after the user closes the page?

Elaine

Posted: Thu Apr 12, 2007 8:17 pm
by aaronhall
By default, the cookie on the client's computer is deleted after the client closes the browser... this essentially terminates the session. The session data on the server is destroyed shortly thereafter.

Posted: Thu Apr 12, 2007 8:52 pm
by enemeth
thank you !

Elaine

Posted: Fri Apr 13, 2007 2:10 am
by RobertGonzalez
Default session idle time is 24 minutes. That can be changed in the php.ini.

Basically what you want to do is offer the user the ability to choose whether or not they really want to log out after the voluntarily clicked the logout link. So present the user what you are now, except the part where the session is destroyed. Save that for a second pass after they click the are you sure link.