On Sat, February 16, 2008 2:31 pm, Adil Drissi wrote:
> I need help with sessions.
> I have a simple authentification relying only on
> sessions (i don't use cookies).
Do you mean that you are also using the "no_cookie" setting in PHP and
using the URL to pass around the session ID?
Or jut that you don't use "extra" cookies on top of the one PHP uses
by default?
> After the user submits
> his username and password, the script checks if that
> corresponds to a record in a mysql table. If this is
> the case "$_SESSION['sessioname'] = $_POST['login'];".
> the $_SESSION['sessioname'] is checked in subsequent
> pages to see if the user is connected or not.
> The problem is after the user logs out, and after that
> uses the previous button of the browser he becomes
> connected. How can i prevent this please.
If the URL has the old session ID, and you aren't destroying it
completely somehow, then they'll be logged in once they go back to the
URL with the session ID.
<?php
session_start();
unset($_SESSION["sessioname"]);
session_destroy();
header("location: index.php");
?>
If you want to destroy the session completely, use:
$_SESSION = array();
to wipe out ALL the session data.
Also, on *some* browsers, sending the cookies session_start (if you
are using cookies) and the Location: header with an INCOMPLETE URL
means the browser will screw up.
Use the COMPLETE URL in your header("Location")
And use a capital "L" in Location, as well, to be totally kosher, I
think.
--
Some people have a "gift" link here.
Know what I want?
I want you to buy a CD from some indie artist.
http://cdbaby.com/from/lynch
Yeah, I get a buck. So?
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
