need help with logout.php page!

Problems with the Windows version of XAMPP, questions, comments, and anything related.

need help with logout.php page!

Postby manddox » 01. July 2009 08:54

Hello everyone,

I am unable to logout from sessions even after I have unset the session variables and used session_destroy() function. In order to logout I am just using the link to my logout.php page. The link is as follows:
Code: Select all
<a href='posts.php'>Home</a> || <a href='logout.php'>Logout</a>

And the logout.php page is as follows:
Code: Select all
<?php
session_start();
unset($_SESSION['username']);  //Unset the $_SESSION array value

/* unset($_SESSION['password']);
unset($_SESSION['user_id']); */

if (isset($_SESSION['username']))
{
  $_SESSION['username'] = "";


/* if ( isset($password) )
{
   @setcookie( "password", $password );
} */

session_unset();
session_destroy(); // Logout of the site
if(!isset($_SESSION["username"]))
{
   echo 'You have successfully logged out!<br/>';
   echo 'To enter again, please <a href="login.php">login!</a>';
   exit;
}
?>

After logging out if i click the back button on my browser I am able to view the pages which should not be the case and also when I click on the login link, it logs me in without any prompt for the username and password. But when I clear the cache from my browser, it gives me the prompt for username and password upon clicking in the login link. So, basically the cache is not getting cleared when I log out but clearing the cache manually does the job. Please help me guys with this as am new to php programming! thanks in advance!.

Please put some light and help me on this!
manddox
 
Posts: 10
Joined: 03. May 2009 14:22

Re: need help with logout.php page!

Postby glitzi85 » 03. July 2009 19:05

1) Your Logout procedure is quite long. Did you check the PHP manual? http://de.php.net/manual/en/function.session-destroy.php

2) It is not possible to clear the cache of a browser from the webserver. However, you can try to prevent the browser from caching: http://www.faqts.com/knowledge_base/view.phtml/aid/23514/fid/51

glitzi
User avatar
glitzi85
 
Posts: 1920
Joined: 05. March 2004 23:26
Location: Dahoim

Re: need help with logout.php page!

Postby roman2 » 03. July 2009 20:12

It shouldn't be necessary to clear browser's cache to log somebody out. Otherwise, it would mean that your site's security would depend on users' actions. There must be an error. Likely in your login file. Can you post it?

Here's what I do in my logout function, which has always worked on both Windows and Linux:
Code: Select all
   
      // Delete the session cookie.
      if(isset($_COOKIE[session_name()])) {
         setcookie(session_name(), '', time()-42000, '/');
      }
      
      session_destroy();


You may also want to try this before you exit your script: session_write_close();
roman2
 
Posts: 17
Joined: 03. July 2009 15:56
Operating System: 32-bit Windows 7

Re: need help with logout.php page!

Postby roman2 » 03. July 2009 20:19

Here's what you need to read: http://php.net/manual/en/function.session-destroy.php:

In order to kill the session altogether, like to log the user out, the session id must also be unset. If a cookie is used to propagate the session id (default behavior), then the session cookie must be deleted. setcookie() may be used for that.


Also, read a comment by vmbharathi at http://php.net/manual/en/function.session-unset.php

But even if you unset a variable on logging out that you check upon logging in, what you do should work. Do post your login.php here.
roman2
 
Posts: 17
Joined: 03. July 2009 15:56
Operating System: 32-bit Windows 7

Re: need help with logout.php page!

Postby manddox » 07. July 2009 13:06

Sorry for the late reply...was out of town!! One thing I am confused about here is that...am I supposed to assign a variable like the 'username' to session_name() or does it return the name of the current session without me doing anything here?? As in the PHP manual, it says that session_name() returns the current session name....what does it mean by this? Do I have to name my session?

Below is my login.php page. Please check if there is any loop hole here!!
Code: Select all
<?php
require_once("../db_login.php");
require_once('config.php');
require_once("Auth/HTTP.php");
$AuthOptions = array( 'dsn' => "mysql://$db_username:$db_password@$db_host/$db_database",
                 'table' => "users",
                 'usernamecol' => "username",
                 'passwordcol' => "password",
                 'cryptType' => "md5",
                 'db_fields' => "*"
               );
$authenticate = new Auth_HTTP("DB",$AuthOptions);
$authenticate->setRealm('Member Area');
$authenticate->setCancelText('<h2>Access Denied</h2>');
$authenticate->start();
if($authenticate->getAuth())
{
   session_start();
   $smarty->assign('blog_title', $blog_title);
   $smarty->display('header.tpl');
   $_SESSION['username'] = $authenticate->username;
   $_SESSION['first_name'] = $authenticate->getAuthData('first_name');
   $_SESSION['last_name'] = $authenticate->getAuthData('last_name');
   $_SESSION['user_id'] = $authenticate->getAuthData('user_id');
   echo "Login Successful! Great to see you back ";
   echo $authenticate->getAuthData('first_name');
   echo " ";
   echo $authenticate->getAuthData('last_name').".<br />";
   $smarty->display('footer.tpl');
}
?>
manddox
 
Posts: 10
Joined: 03. May 2009 14:22


Return to XAMPP for Windows

Who is online

Users browsing this forum: No registered users and 41 guests