Log out

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
thatsme
Forum Commoner
Posts: 87
Joined: Sat Apr 07, 2007 2:18 am

Log out

Post by thatsme »

Code: Select all

session_start();
require_once('general/require_once.php');
$member_id=$_SESSION[member_id'];

if(empty($member_id) || (!isset($_SESSION[member_id'])))
{
    header("Location: ".WEB_URL."/login.php");
}

session_unset();
session_destroy();
$_SESSION = array();

header("Location: ".WEB_URL."/login.php");
Is this code enough for logout?
jmut
Forum Regular
Posts: 945
Joined: Tue Jul 05, 2005 3:54 am
Location: Sofia, Bulgaria
Contact:

Post by jmut »

Well, putting parse errors aside... I don't think $_SESSION can be accessed after you kill the session. Just put error_reporting(E_ALL) on top..and try it out. See if wanted behaviour. In general though, this should be ok

Code: Select all

$_SESSION = array();
        if (isset($_COOKIE[session_name()])) {
            setcookie(session_name(), '', time()-42000, '/');
        }
        session_destroy();
User avatar
Mordred
DevNet Resident
Posts: 1579
Joined: Sun Sep 03, 2006 5:19 am
Location: Sofia, Bulgaria

Post by Mordred »

exit() after header('Location ...)
User avatar
crystal ship
Forum Commoner
Posts: 36
Joined: Wed Aug 29, 2007 5:45 am

Post by crystal ship »

' is missing there in your $_SESSION[member_id'].
User avatar
s.dot
Tranquility In Moderation
Posts: 5001
Joined: Sun Feb 06, 2005 7:18 pm
Location: Indiana

Post by s.dot »

jmut wrote:Well, putting parse errors aside... I don't think $_SESSION can be accessed after you kill the session. Just put error_reporting(E_ALL) on top..and try it out. See if wanted behaviour.
It can. Well, sessions can't be accessed, but the variable '$_SESSION' can be set to an empty array, as can any other variable. It's just not actively tied to a session at that point.

Code: Select all

$_SESSION = array();
        if (isset($_COOKIE[session_name()])) {
            setcookie(session_name(), '', time()-42000, '/');
        }
        session_destroy();
That is good. :)

And yes, quote the whole index, $_SESSION['member_id'].

And as mentioned above, definitely call exit; after header(), although from what you posted, you're not sending any headers so it should be okay in that particular circumstance.
Set Search Time - A google chrome extension. When you search only results from the past year (or set time period) are displayed. Helps tremendously when using new technologies to avoid outdated results.
User avatar
onion2k
Jedi Mod
Posts: 5263
Joined: Tue Dec 21, 2004 5:03 pm
Location: usrlab.com

Post by onion2k »

That seems a bit brutal to me. I prefer to keep track of what session variables my applications use, and then unset the ones I need to unset when a user logs out. Unsetting all of them is often counterproductive .. for example, I find it useful to set things like the timestamp of the first hit on the site so I can track a user's path through the site. If you just get rid of everything when they log out you'd lose that sort of information.

Plus, an idea I've just had, I think it might be useful to track an array of all the users that are used in a session. That might be a handy indicator of abuse and/or password sharing by site admin.
Post Reply