hi there

1=> session_unset ans session_destroy do destroy all data of a session but 
they do not destroy the cookie stored in the browser, you have two chioces:

-alter the option session.cookie_lifetime en php.ini the default is '0' 
-after using session_unset(); and session_destroy(); use this:

2=> you can use the session_id() as a GET parameter and compare with the 
real session_id() like this main.php?login=daniel&ses=******* , the session 
id is always a long string containing alphanumeric characters and you can 
compare like this

if ($_GET["login"] == $registered_login && $_GET["ses"] == session_id())
    // ok autenticated
    // error: not autenticated

>From: "mintbaggio" <[EMAIL PROTECTED]>
>To: <>
>Subject: [PHP] Some questions.
>Date: Tue, 13 Aug 2002 01:42:55 +0800
>I'm a Chinese university student,I want to ask some questions about 
>These days I'm build a website for my university with PHP, But I meet a
>question when I develop the part of User Management: After I have log out
>from a user page(I use "session_unset()" and "session_destroy()"),I can
>return to the page again by click the button "Back"to that pagea and 
>it, the user page can be shown again. This is unsafe.
>So I want to ask that the function "session_unset" and "session_destroy()" 
>destroy session immediately or there is a life-time for session. In my 
>I think that there is a life-time for session and the life-time can be 
>Another question:
>If the user log page is "main.php",the page for authenticate the user is 
>I use session to store the infomation of user such as :
>But if the variables in the session are unfortunately be known by somebody 
>and he can visit others' information bye the url:"login.php?userid=***",how 
>can solve
>these problem? use a ugly but difficult session varable?
>Just two questions.
>Thanks a lot.
>Wish back soon!
>Best wishes


Send and receive Hotmail on your mobile device: http://mobile.msn.com

PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to