Tuesday 13 April 2010

How To Close a Session Properly?

Let's say you site requires users to login. When a logged in user clicks the logout button, you need to close the session associated with this user properly in 3 steps:
  1. Remove all session values with $_SESSION = array().
  2. Remove the session ID cookie with the setcookie() function.
  3. Destroy the session object with the session_destroy() function.
Below is a good sample script:
<?php
  session_start();

  $_SESSION = array();

  if (isset($_COOKIE[session_name()])) {
    setcookie(session_name(), '', time()-42000, '/');
  }

  session_destroy();

  print("<html><pre>");
  print("Thank you for visiting FYICenter.com.\n");
  print("  <a href=login.php>Login Again.</a>\n");
  print("</pre></html>\n");
?>

No comments:

Post a Comment