1=> session_unset and session_destroy do destroy all data of a session but
they do not destroy the cookie stored in the browser, you have two choices:
-alter the option session.cookie_lifetime in php.ini; the default is '0'
-after using session_unset(); and session_destroy(); use this:
2=> you can use the session_id() as a GET parameter and compare with the
real session_id() like this main.php?login=daniel&ses=******* , the session
id is always a long string containing alphanumeric characters and you can
compare like this
if ($_GET["login"] == $registered_login && $_GET["ses"] == session_id()) {
    // ok: authenticated
} else {
    // error: not authenticated
}
>From: "mintbaggio" <[EMAIL PROTECTED]>
>Subject: [PHP] Some questions.
>Date: Tue, 13 Aug 2002 01:42:55 +0800
>I'm a Chinese university student, I want to ask some questions about
>These days I'm building a website for my university with PHP, but I meet a
>question when I develop the part of User Management: After I have logged out
>from a user page (I use "session_unset()" and "session_destroy()"), I can
>return to the page again by clicking the button "Back" to that page and
>it, the user page can be shown again. This is unsafe.
>So I want to ask that the function "session_unset" and "session_destroy()"
>destroy session immediately or there is a life-time for session. In my
>I think that there is a life-time for session and the life-time can be
>If the user log page is "main.php", the page for authenticate the user is
>I use session to store the information of user such as :
>But if the variables in the session are unfortunately known by somebody
>and he can visit others' information by the URL: "login.php?userid=***", how
>these problem? use an ugly but difficult session variable?
>Just two questions.
>Thanks a lot.
>Wish back soon!
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php