I've created a user authentication session control which is working fine. The problem I'm having is when I logout a registered user, the session appears to be unset on the first load of the page but any subsequent page loads show the user that was just logged out active again. Using php 5.2.6 and the logout script is as follows...


<?php session_start();
unset($_SESSION['valid_user']);
session_destroy();
?>

Could a cookie configuration setting be causing this?

:confused: :confused:
________
Laser (http://www.ford-wiki.com/wiki/Ford_Laser)
________
Kmart Gift Cards (http://bestfreegiftcard.com/kmart-gift-cards/)

I'm not a guru, but if you are using sessions AND cookies then I believe you will need to destroy both if you want your user to remain logged out.

So the question is, do you have a cookie set to store login info?

~regards

It's just the default setup where sessions use cookies. But I haven't used in cookie related functions in my script, only sessions. I tried the following as well...


<?php session_start();

$_SESSION = array();

if (isset($_COOKIE[session_name()])) {
setcookie(session_name(), '', time()-42000, '/');
}

session_destroy();
?>

And it still doesn't solve things.... :confused:
________
medical marijuana patient (http://mmjp.org)
________
BUY GLASS PIPES (http://glasspipes.net/)

hmm....

I created a login/logout script for a youth ministry website I did earlier this year.

Here is the logout code (which works the way you are looking for):




<?php
session_start();
session_unset('username');
session_destroy();
print "<script>";
print " self.location='../index.php';"; // Comment this line if you don't want to redirect
print "</script>";
?>


In the code where I set the session, I have this line, among others:



<?php
$_SESSION['username'] = $user;
...
more session variables being set here
...
?>


I don't know how you have your script set up, but when I log into this site, then logout, a browser refresh will not log me back in. I stay logged out.

Hope this helps a bit ...

~regards

My script is basically set up identically to yours. The problem isn't when I refresh the page the logout redirects to, it's when I go to any other pages of the site, including going back to the redirected page later. It will then show me logged back in, as if the 'logout' was only temporary to the initial redirect. You can see how this is causing me a lot of grief.

Everyones suggestions up til now still hasn't fixed it...
________
roor bongs (http://roorbongs.org)
________
Babe spanish (http://www.****tube.com/categories/197/spanish/videos/1)

Try changing this line:



unset($_SESSION['valid_user']);


To this:



session_unset('valid_user');


I noticed before that you and I are using different unset functions and I'm not sure which one is more correct ... as I'm not a php guru ...

~regards

Figured it out!

Weird as this is... it was the way the various pages were being linked, as in their url's. Some links I coded without the 'www.' in front of the domain name, and some were. I guess the sessions were being kept seperate between the two url variations. Good to know.

Guess that goes to show you should always be consistent in coding standards. :D
________
vapir oxygen (http://www.vaporshop.com/oxygen-vaporizer.html)
________
How to build a heat gun vaporizer (http://www.vaporshop.com)

...
Guess that goes to show you should always be consistent in coding standards. :D

Glad to hear you fixed the problem!

I read somewhere about standards .....:rolleyes: w3 maybe? ... nahh ... wait .... was it?:confused: