hi there

1=> session_unset and session_destroy do destroy all data of a session but they do not destroy the cookie stored in the browser, you have two choices:

-alter the option session.cookie_lifetime in php.ini the default is '0' seconds.
-after using session_unset(); and session_destroy(); use this:

setcookie("PHPSESSID", "", time() - 3600, "/");

2=> you can use the session_id() as a GET parameter and compare with the real session_id() like this main.php?login=daniel&ses=******* , the session id is always a long string containing alphanumeric characters and you can compare like this

if ($_GET["login"] == $registered_login && $_GET["ses"] == session_id()) {
    // ok authenticated
} else {
    // error: not authenticated
}

>From: "mintbaggio" <[EMAIL PROTECTED]>
>To: <>
>Subject: [PHP] Some questions.
>Date: Tue, 13 Aug 2002 01:42:55 +0800
>
>Hello
>I'm a Chinese university student, I want to ask some questions about
>session.
>These days I'm building a website for my university with PHP, but I met a
>question when I develop the part of User Management: After I have logged out
>from a user page (I use "session_unset()" and "session_destroy()"), I can
>return to the page again by clicking the button "Back" to that page and
>refresh it, the user page can be shown again. This is unsafe.
>So I want to ask whether the functions "session_unset()" and "session_destroy()"
>will destroy session immediately or there is a life-time for session. In my
>memory, I think that there is a life-time for session and the life-time can be
>configured.
>
>Another question:
>If the user log page is "main.php", the page for authenticating the user is
>"login.php"
>I use session to store the information of user such as:
>session_register($userid);
>But if the variables in the session are unfortunately known by somebody
>else, and he can visit others' information by the url: "login.php?userid=***",
>how can I solve this problem? use an ugly but difficult session variable?
>
>Just two questions.
>Thanks a lot.
>Wish back soon!
>Best wishes
>
Daniel

--
PHP General Mailing List (http://www.php.net/)