Instead of doing a foreach to unset your session variables you can use session_unset(); which will unset all your session variables for you.
Additionally if you are wanting to remove a cookie from a visitor's browser you should use setcookie, not unset $_COOKIE, $_COOKIE allows you to access the value of a cookie but not set or alter the contents of the actual cookie. The manual page for session_unset is http://www.php.net/manual/en/function.session-unset.php The manual page for setcookie is http://www.php.net/manual/en/function.setcookie.php Also once you have executed session_destroy you have deleted the session information from the server, if you delete the sessionid cookie from the browser they will get a new session id the next time a session is started, there is no need to immediatly start and destroy another session. If you do not care if a user gets a new session id the next time they visit your site you do not necessarily have to worry about deleting the sessionid cookie as the data is already destroyed and the cookie will be deleted when they close their browser (if cookie life is 0) or when the cookie lifetime expires. Most if not all of this information is available from the PHP manual at http://www.php.net/manual Jason On Wed, 2003-01-01 at 10:56, David Tandberg-Johansen wrote: > [CUT] > > I am using SESSION on al my secure projects > I use a file structur as this: > (loginform) -> logincheck.php (if not ok->back2login | if ok (start an > session)(forward to the secure pages)) > > When the user logs out: > (securepages)->logout.php: > <?PHP > //go through all the session array an unregister the varname > foreach($_SESSION as $key=>$val){ > session_unregister("$key"); > } > // We destroys the session > session_destroy(); > > //if there are an cookie vith the session name we have to unset it > //so the browser doesn't hvae the information > if(isset($_COOKIE[session_name()])){ > // To delete the old cookie > unset($_COOKIE[session_name()]); > } > //we starts an new session > session_start(); > //and we destroys it again > session_destroy(); > //Now there are an new session cookie in the browser, > //and if the user try go back there are no data stored in the session > > //we forward the user to an unsecure public page > header("Location: ./unsecurepublicpage.php"); > ?> > > > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
