Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 2 of 2
  1. #1
    Senior Coder doubledee's Avatar
    Join Date
    Mar 2011
    Location
    Arizona
    Posts
    1,098
    Thanks
    27
    Thanked 0 Times in 0 Posts

    Questions about Log-Out feature

    I know these may sound like silly questions, but...

    1.) What should a "Log-Out" feature do?

    2.) How do you properly "Log-Out" a user?


    Here is my best stab at things...
    PHP Code:
    <?php
        
    // Initialize a session.
        
    session_start();

        
    //<!-- Include Constants -->
        
    require_once('config/config.inc.php');

        
    // Log Out User.
        
    $_SESSION['loggedIn'] = FALSE;

        
    // Redirect User.
        
    if (isset($_SESSION['returnToPage'])){
            
    header("Location: " WEB_ROOT $_SESSION['returnToPage']);
        }else{
            
    // Take user to Home Page.
            
    header("Location: " WEB_ROOT "index.php");
        }

        
    // End script.
        
    exit();
    ?>
    Sincerely,



    Debbie

  • #2
    Senior Coder
    Join Date
    Jul 2011
    Posts
    1,226
    Thanks
    3
    Thanked 171 Times in 171 Posts
    Looks good (consider using unset() instead of setting to false maybe?), but a proper logout depends on what you actually set on 'log in'. For example, if there's a remember me cookie - you'll need to delete that too. If there's any cookie associated with the login, you'll have to delete that as well. Also, if there's more than one session variable, you should unset that as well. AND it also depends on whether your session stores it's id using a cookie (this is default). As a failsafe method, you should follow the method on the session_destroy() manual - http://php.net/manual/en/function.session-destroy.php . This not only resets all session variables, but it deletes any cookies associated with the session itself and then destroys the session. Following that method, you should also delete any cookies you set yourself.

    As a note, this will remove any variables in the $_SESSION array, meaning you might want to check if they exist before comparing indexes with values.

    PPS - I was quite tired when writing this, but I think I was coheirent haha, let me know if you want anything cleared up.


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •