On 19/04/06, Shannon Doyle <shannon@xxxxxxxxxx> wrote:
> Trying to get a session to destroy correctly, however the darn thing just
> refuses to destroy. I call the following in a separate webpage in a effort
> to destroy the session, only to find that the session still persists.
>
> <?php
> session_start();
> session_unset();
> session_destroy();
> Header("Location: index.php");
> ?>
First of all, if you're using $_SESSION or $HTTP_SESSION_VARS, the PHP
manual will tell you to use unset($_SESSION['key']) rather than
session_unset(). Personally though, I've found the following code
works well for completely destroying a session:
<?php
$_SESSION = array(); // clear all the session variables (don't use
unset($_SESSION))
// clear the session cookie if it exists
if ( isset($_COOKIE[session_name()]) )
{
setcookie(session_name(), '', (time() - 86400), /);
}
session_destroy();
?>
Also, when using redirects, you should specify the complete absolute
URL, not a relative one. You can sometimes get away with using a
relative one but it's bad practice and breaks section 14.30 of RFC
2616 (the HTTP/1.1 specification).
Paul
--
Data Circle
http://datacircle.org
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
