tags:

views:

115

answers:

4

Hi to everyone, i am implementing a log-in system, i am sure a lot of you know what it is, i use sessions to store the user's ID, and check it if he access a page that needs the user to be logged in.
But my problem is when the user clicks the log-out anchor, nothing happens i still can access the other pages as long as the current page is open.
here is the code is use:

<?
unset($_SESSION["ID"]);
session_destroy();
header('location: ../Home/index.php');
?>

so anyone can help. thanks in advance.

+2  A: 

But my problem is when the user clicks the log-out anchor, nothing happens

A lot of things happens !

  1. Are you trying to go back with the previous button and then accessing to the login page which log you in back ?

  2. Are you page really checking for a session when a user try to display ?

  3. Are you sure you are NOT displaying a cached version of your page ?

  4. Did you check PHP sessions files are well deleted ? (maybe permission problems can occurs)

  5. Check the location header syntax, RFC2616 14.30 says:

The Location response-header field is used to redirect the recipient to a location other than the Request-URI for completion of the request or identification of a new resource. For 201 (Created) responses, the Location is that of the new resource which was created by the request. For 3xx responses, the location SHOULD indicate the server's preferred URI for automatic redirection to the resource. The field value consists of a single absolute URI.

   Location       = "Location" ":" absoluteURI

Try:

var_dump($_SESSION);

On each of your page, to see what, really happens.

Boris Guéry
+1 - Good questions
John Rasch
+2  A: 

HTTP/1.1 requires absolute URI as an argument to Location. So it should be:

header('Location: http://example.com/home');
exit();     # just to be sure
SilentGhost
+6  A: 

You need to do a session_start() before session_destroy().

If you don't, PHP has no idea which session you're trying to destroy.

R. Bemrose
+1 I think this is the problem.
Shoban
Otherwise PHP won't recognize the "ID" session variable.
ryanulit
thanks, that was the problem, really tired, i didn't see that. i did it every time i need the variable, but when destroying no. thanks again.
abdelkrimnet
@abdelkrimnet: We all have days like that.
R. Bemrose
+1  A: 

It is likely you also have to delete the session cookie:

unset($_SESSION["ID"]);
if (isset($_COOKIE[session_name()])) {
    setcookie(session_name(), '', time()-42000, '/');
}
session_destroy();
//...
John Rasch