View Full Version : Questions about Log-Out feature

09-07-2011, 07:03 AM
I know these may sound like silly questions, but...

1.) What should a "Log-Out" feature do?

2.) How do you properly "Log-Out" a user?

Here is my best stab at things...

// Initialize a session.

//<!-- Include Constants -->

// Log Out User.
$_SESSION['loggedIn'] = FALSE;

// Redirect User.
if (isset($_SESSION['returnToPage'])){
header("Location: " . WEB_ROOT . $_SESSION['returnToPage']);
// Take user to Home Page.
header("Location: " . WEB_ROOT . "index.php");

// End script.



09-07-2011, 07:45 AM
Looks good (consider using unset() instead of setting to false maybe?), but a proper logout depends on what you actually set on 'log in'. For example, if there's a remember me cookie - you'll need to delete that too. If there's any cookie associated with the login, you'll have to delete that as well. Also, if there's more than one session variable, you should unset that as well. AND it also depends on whether your session stores it's id using a cookie (this is default). As a failsafe method, you should follow the method on the session_destroy() manual - http://php.net/manual/en/function.session-destroy.php . This not only resets all session variables, but it deletes any cookies associated with the session itself and then destroys the session. Following that method, you should also delete any cookies you set yourself.

As a note, this will remove any variables in the $_SESSION array, meaning you might want to check if they exist before comparing indexes with values.

PPS - I was quite tired when writing this, but I think I was coheirent haha, let me know if you want anything cleared up.