Logout Help [Sessions/Cookies]
Posted: Tue Feb 07, 2006 4:17 am
Hi.
Reet. This is my problem.
I have HTTP authentication in my application, this is in a script called login.php.
login.php:
The constants used above are defined in a file called config.php. The contents are quite predictable so I won't post the code.
Anyway, pages I want to protect start like this:
index.php
So, that works fine. It prompts me, I enter stuff correctly, it logs me in, and greets me appropriately.
Now, if I click logout.
logout.php
It echo's You are now logged out. Then, if I press Go Back or just type in the URL to a protected page, I'm logged in automatically! I can press log out again, and it will say you are now logged out again, and the same will happen. The only way to logout is to close the browser (...and effectively destroy the session).
I must be missing something, but I don't know what it is.
Help!!
Reet. This is my problem.
I have HTTP authentication in my application, this is in a script called login.php.
login.php:
Code: Select all
<?php
//Start the session
session_start();
//If the username session isn't set
if(!isset($_SESSION['username'])) {
//If the submitted username and password do not match those required
if($_SERVER['PHP_AUTH_USER'] !== SITE_USER || $_SERVER['PHP_AUTH_PW'] !== SITE_PASS) {
//Prompt for login
header('WWW-Authenticate: Basic realm="Wright & Shields Vehicle Management System"');
//Show an unauthorized page if cancel is clicked
header('HTTP/1.0 401 Unauthorized');
} else {
//Log the user in
$_SESSION['username'] = $_SERVER['PHP_AUTH_USER'];
}
}
?>Anyway, pages I want to protect start like this:
index.php
Code: Select all
<?php
//Get the config
require('includes/config.php');
//Show the login
require('includes/php/login.php');
//Set the page title and include the HTML header
$page_title = 'Welcome';
include('includes/html/header.html');
//Show some jibberish introduction
echo '<b><u>' . $_SESSION['username'] . '</u>, Welcome to the Wright & Shields Vehicle Management System!</b><br />
<br />
Please navigate the system using the links at the top.<br />';
//Include the HTML footer
include('includes/html/footer.html');
?>Now, if I click logout.
logout.php
Code: Select all
<?php
//Start the session
session_start();
//Show the HTML header
echo '
<html>
<head>
<title>Wright & Shields Vehicle Management System: Log Out</title>
<link rel="StyleSheet" href="includes/css/style.css" />
</head>
<body>
<center>
<a href="index.php"><img src="images/logo.jpg" border="0" alt="Wright & Shields Vehicle Management System" /></a><br />
<br />';
//If the user is logged in
if(isset($_SESSION['username'])) {
//Log them out
$_SESSION = array(); //Clear the session array
session_destroy(); //Destroy the session
setcookie('PHPSESSID', '', time()-300, '/', '', 0); //Wipe the users cookie
unset($_SERVER['PHP_AUTH_USER']); //Unset the username
unset($_SERVER['PHP_AUTH_PW']); //Unset the password
//Show a success msg
echo 'You are now logged out.';
} else {
//Show an error
echo 'You aren\'t logged in.';
}
//Show the HTML footer
echo '
<br />
<br />
<a href="index.php">Go Back</a><br />
<br />
© Copyright <a href="http://www.wrightandshields.co.uk">Wright & Shields</a> 2006.
</center>
</body>
</html>';
?>I must be missing something, but I don't know what it is.
Help!!