6 replies to this topic

[brbcoding]

So, I've basically got a registration system and login system etc... all done, working just fine. Logout is the part that isn't working like I think it should. I've got a link to "logout.php"... logout.php looks like this:

<?php
session_start();
session_destroy();
header("location:redirect.php");
?>

redirect.php is just a page that has a 5...4...3... etc.. countdown and redirect to login. I feel like this should be working, however, it doesn't seem to be 'destroying' the session. When I open 'Edit This Cookie' in Chrome, I can still see the PHPSESSID. What gives?

[gregwarner]

Check the documentation on session_destroy():
http://php.net/manua...ion-destroy.php

session_destroy() clears the session variables stored on the server side, not the client side. So the client's cookies will remain in the browser's cache. They will hold invalid data as far as the server is concerned, and a new session ID will be handed out next time the user logs into the site. However, if you want to totally erase the session variables on the client side as well as the server side, you'll need to additionally use setcookie() to clear the cookies in the user's browser.

[brbcoding]

Check the documentation on session_destroy():
http://php.net/manua...ion-destroy.php

session_destroy() clears the session variables stored on the server side, not the client side. So the client's cookies will remain in the browser's cache. They will hold invalid data as far as the server is concerned, and a new session ID will be handed out next time the user logs into the site. However, if you want to totally erase the session variables on the client side as well as the server side, you'll need to additionally use setcookie() to clear the cookies in the user's browser.

Oh jeeze... DUH lol. I think I've been looking at this for way too long.

[Irbis]

try somethig like this

if(isset($_SESSION['name'])) {
unset($_SESSION['name'];
session_destroy();
}
session_start();

[brbcoding]

What's the difference between doing that and what I did? I know it's just checking whether or not it is set... I initialize the session (just in case one isn't initialized), and then destroy it...

[gregwarner]

try somethig like this

if(isset($_SESSION['name'])) {
unset($_SESSION['name'];
session_destroy();
}
session_start();

Again, unset($_SESSION['name']) only affects session variables on the server side. @Cody's issue was with affecting variables on the client side. For that, you must use setcookie().

[brbcoding]

Again, unset($_SESSION['name']) only affects session variables on the server side. @Cody's issue was with affecting variables on the client side. For that, you must use setcookie().

Yep... dropped my brain again I guess . You should have just told me 'hey dummy, php is server side'...