468,554 Members | 1,388 Online
Bytes | Developer Community
New Post

Home Posts Topics Members FAQ

Post your question to a community of 468,554 developers. It's quick & easy.

php sessions and session destroy: log out still allows access to admin page

if i login as admin it redirects me to admin page.There i kept one button called log out. if i give log out the session will be closed but again if i give back the page automatically redirects to the admin page without giving username and password. For that what can i do.?
Feb 14 '13 #1
1 1809
If you logout and and the session script still accesses admin folder in your site, there is a problem. The session id is not destroyed.
What you need to do is to destroy the session by session.destroy("id")
destroy session("id");

Expand|Select|Wrap|Line Numbers
  1. <?php // logout.php 
  2. session_start(); 
  3. unset($_SESSION); 
  4. // you may want to delete the session cookie 
  5. if (isset($_COOKIE[session_name()])) { 
  6.   setcookie(session_name(), '', time()-60); 
  7. session_destroy(); 
  8. echo 'You have been logged out.'; 
  9. ?>
Apr 10 '13 #2

Post your reply

Sign in to post your reply or Sign up for a free account.

Similar topics

8 posts views Thread by Amith Singh | last post: by
3 posts views Thread by =?Utf-8?B?R1ROMTcwNzc3?= | last post: by
3 posts views Thread by T. Wintershoven | last post: by
1 post views Thread by UniDue | last post: by
By using this site, you agree to our Privacy Policy and Terms of Use.