Getting my signout button to work

Question

Hey there, I am trying to get my signout button to work. This is what I have in my code:

<!-- Signed In -->
<?php if($_SESSION['*****']['AUTH']) { ?>




<div id="signOut">
    Sign Out
</div>
<div id="signIn">

    <form name="sendEmail" action="index.php" method="post">
        <input type="text" name="name" class="text"/> 
        <input type="submit" name="subSendEmail" value="Search" class="rounded {transparent} button" />
    </form>
</div>

do I need to make a form like the sign in? or what is the best way to do this and terminate the session through php and send user back to index?

thanks!

Answer 1

To log the user out, you need to remove the data from the session. Typically, there's no problem in clearing out the session when you do this, since any data there is likely to be related to the logged-in session.

You can clear the session data using session_destroy(). I'd suggest creating a simple logout.php script, similar to the following, which you can then link to:

<?php
session_destroy();
header( 'Location: index.php' );

This would redirect the user back to index.php, returning them to a "non logged-in" view.

Alternatively, if you wanted to have the user submit a form to confirm the logout operation, you can simply post the form to the script above, and it would do the same thing:

<form method="post" action="logout.php">
    <p>Are you sure you want to log out?</p>
    <p><input type="submit" value="Log Out" /></p>
</form>

Answer 2

it looks like you a new at this so, I'm going to try and translate the correct answer above as straightforward as possible.

when somebody signs in, you give them a $_SESSION variable that follows them all around the site with their "logged in" information stored. it looks like you have this figured out so far.

therefore, logically, if the $_SESSION variable is what tells the site that you are signed in, then removing the $_SESSION variable (or "session_destroy()" - ing the $_SESSION variable) will sign you out.

luckily, killing this variable is very easy, and can be done anywhere on a .php page. the method is as follows:

session_destroy();

yes. that is it. the whole enchilada. you just put that bad boy somewhere, and when php hits it, it will destroy whatever session your user had going - therefore "signing them out".

so, where do you put this? you put this anywhere you want php to log someone out. it could be at the top of your home page, it could be done when a form submits, it can even just be its own page altogether...which is the way I would suggest.

for example, as Rob stated above, you could create a page called logout.php. the user would somehow get to this page (via a hyperlink, or a form, or something), the php would do its trick, and then the php would transport them somewhere else once they are signed out. how would that look? check this out:

<?php
session_start(); // open the user's session on the page
session_destroy(); // kill the user's session

header("Location: somewhere.php"); // take the user somewhere else
?>

finally...there are tons of great resources about this. i recommend reading them (and btw, also resources on if statements from the look of your example) until your brain is numb and you dream about PHP.