SitePoint Sponsor

User Tag List

Results 1 to 4 of 4
  1. #1
    SitePoint Wizard DoubleDee's Avatar
    Join Date
    Aug 2010
    Location
    Arizona
    Posts
    3,760
    Mentioned
    2 Post(s)
    Tagged
    0 Thread(s)

    Proper way to Log Out??

    I am trying to figure out the *proper* way to completely log out any current Users.

    I have a Registration Form, and before I start working with the $_SESSION variable for the person registering on my website, I want to be 100% certain that any $_SESSION variables on the server or any Session Cookies that might be leftover on the current User's computer are erased, so nothing gets cross-pollinated!!

    I have been looking at the PHP Manual, but there seem to be a couple of functions and approaches, and I'm not sure what the *correct* way to do things is?!

    (Security and privacy are really important to me, and since my website will also have an e-commerce module, I need to make sure I understand the right way to go about logging out Members so no one gets hurt!!)

    Sincerely,


    Debbie

  2. #2
    Barefoot on the Moon! silver trophy Force Flow's Avatar
    Join Date
    Jul 2003
    Location
    Northeastern USA
    Posts
    4,606
    Mentioned
    56 Post(s)
    Tagged
    1 Thread(s)
    All you should need to do is just destroy the session. If the browser can't find the session ID on the server, the browser can't do anything with a session (and session token) that no longer exists.

    Code:
    <?php
    session_start();
    session_unset();
    session_destroy();
    
    header("location:index.php");
    ?>
    As for cookies, are you setting an expiration on them when you use setcookie()?

    To kill a cookie entirely, set the expiration date for yesterday.

    So, everything together:

    Code:
    <?php
    session_start();
    setcookie("mycookie", "", time()-3600);
    session_unset();
    session_destroy();
    
    
    header("location:index.php");
    ?>
    Visit The Blog | Follow On Twitter
    301tool 1.1.5 - URL redirector & shortener (PHP/MySQL)
    Can be hosted on and utilize your own domain

  3. #3
    SitePoint Wizard DoubleDee's Avatar
    Join Date
    Aug 2010
    Location
    Arizona
    Posts
    3,760
    Mentioned
    2 Post(s)
    Tagged
    0 Thread(s)
    Force Flow,

    Remember, this is for a Registration Form, so the following needs to happen...

    1.) Destroy any existing Session Variables on the server

    2.) Destroy any existing Sessions on the server

    3.) Destroy any Session Cookies on the client

    4.) Create a new Session for the person Registering

    5.) Store necessary data in Registering User's Session to complete Registration.


    I'm not sure if I have to start a session, kills a session, and then start a new session all in the same script or what?!

    What I have now seems to work, but logically when I read it it doesn't make sense. (I can post it here if that helps?!)

    So I figured I better ask the experts for help (again)!!

    Sincerely,


    Debbie

  4. #4
    SitePoint Enthusiast Strider64's Avatar
    Join Date
    Aug 2012
    Posts
    36
    Mentioned
    1 Post(s)
    Tagged
    0 Thread(s)
    I'm just curious, I know my registration system a new user doesn't get his/her information placed into $_SESSION['user'], so that person isn't logged into the system in the first place.


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •