My Setup Specs

PHP 4.1.1, MySQL 3.23.36, & Apache 1.3.19 with mod_auth_mysql on OpenBSD 
3.0 (OS).


Scenerio: User provides user_id and password. user_id and password are 
checked against the database (MySQL). If authentication is true the a 
session is started based on thier user_id. If autehentication is false 
Error 403 is displayed to user.

How do you destroy a session/user authentication so the user can not use 
the browser back button? I have session_destroy() which seems to work 
fine (deletes session files in /tmp) but when you press the browser back 
button the exact session that was supposidly destroied is created again. 
I've tried using unset() to reset variables but that doesn't seem to 
work either. Any ideas... please epxplain this to me. I'm total lost why 
this isn't working. BTW, I'm using cookies. Another question I would 
have is.. to kill the cookie do I have to use set_cookie to remove the 
cookie from the users browser or is this also destroied in the 
session_destroy process? If it is suppose to be why is it not doing so?

PHP General Mailing List (
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

Reply via email to