[php]Problem with logging out |
[php]Problem with logging out |
Pieman |
Mar 29 2008, 10:01 AM
Post
#1
|
Member Group: Members Posts: 43 Joined: 10-February 08 Member No.: 4,927 |
I have this log in script, that sets these sessions and cookies:
CODE setcookie("uname",$_COOKIE['uname'],time()+60*60*24*30, '/'); setcookie("passw",$_COOKIE['passw'],time()+60*60*24*30, '/'); setcookie('style', $_COOKIE['style'],time()+60*60*24*30, '/'); setcookie("sname",$row[2],time()+60*60*24*30, '/'); $_SESSION['uname'] = $_COOKIE['uname']; $_SESSION['passw'] = $_COOKIE['passw']; $_SESSION['sname'] = $row[2]; I'm trying to make a logout page, so naturally I thought if I just destroy all those sessions and cookies, you should be logged out. I use this script for that. CODE <?php setcookie("uname",0, time() -3600, '/'); setcookie("passw",0, time() -3600, '/'); setcookie("sname",0, time() -3600, '/'); setcookie("style",0, time() -3600, '/'); $_SESSION["uname"] = ""; $_SESSION["passw"] = ""; $_SESSION["sname"] = ""; ?> <meta http-equiv="refresh" content="3;URL=/blog/" /> You've been logged out. You're now being redirected to the main page. I checked, it destroys all cookies except for the session id one. (Which can't be destroyed I believe) So does anyone have an idea on how to unset everything? (unset()) didn't work either. This post has been edited by Pieman: Mar 29 2008, 10:01 AM |
Brian Chandler |
Mar 29 2008, 10:37 AM
Post
#2
|
Jocular coder Group: Members Posts: 2,460 Joined: 31-August 06 Member No.: 43 |
First, I don't understand why you are using sessions (and presumably putting the session ID in a cookie?) then using separate cookies for the session data.
Have you read the php manual? Particularly: http://jp2.php.net/manual/en/function.session-destroy.php This tells you how to clear all the data in the user's session - presumably this is enough, in general, because if all the data has gone, the user can't access it any more. But use setcookie() to delete the cookie, it says. Just setting the $_SESSION values to blank seems like the wrong approach. Disclaimer: I fiddled with sessions once, and couldn't get them to work. |
Pieman |
Mar 29 2008, 11:28 AM
Post
#3
|
Member Group: Members Posts: 43 Joined: 10-February 08 Member No.: 4,927 |
First, I don't understand why you are using sessions (and presumably putting the session ID in a cookie?) then using separate cookies for the session data. Have you read the php manual? Particularly: http://jp2.php.net/manual/en/function.session-destroy.php This tells you how to clear all the data in the user's session - presumably this is enough, in general, because if all the data has gone, the user can't access it any more. But use setcookie() to delete the cookie, it says. Just setting the $_SESSION values to blank seems like the wrong approach. Disclaimer: I fiddled with sessions once, and couldn't get them to work. Yeah, it seemed to be a pretty smart thing to do at the time. Evidently it wasn't. So I think I'll just edit the login script to only set cookies, |
Lo-Fi Version | Time is now: 19th April 2024 - 07:36 PM |