[CUT]
I am using SESSION on al my secure projects
I use a file structur as this:
(loginform) -> logincheck.php (if not ok->back2login | if ok (start an
session)(forward to the secure pages))
When the user logs out:
(securepages)->logout.php:
<?PHP
//go through all the session array an unregister the varname
foreach($_SESSION as $key=>$val){
session_unregister("$key");
}
// We destroys the session
session_destroy();
//if there are an cookie vith the session name we have to unset it
//so the browser doesn't hvae the information
if(isset($_COOKIE[session_name()])){
// To delete the old cookie
unset($_COOKIE[session_name()]);
}
//we starts an new session
session_start();
//and we destroys it again
session_destroy();
//Now there are an new session cookie in the browser,
//and if the user try go back there are no data stored in the session
//we forward the user to an unsecure public page
header("Location: ./unsecurepublicpage.php");
?>
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
