session cookie won't die

Anon

I'm digging around trying to figure this one out and maybe someone can help. I'm starting a session with session_start() and everything works fine. The users log on to the site with a username / pass stored in mysql and I session_register their $user_number (from mysql) to keep track of who is who.

If they click the "log off" button then I session_unregister("user_number") and they are logged out.

The problem is that if they don't log out this way, then their $user_number session variable is saved because their PHPSESSID cookie is saved. And they are still logged on. And they probably think they are not (I would).

The cookie is persistent no matter what. Shut down the browser, etc. I can't seem to kill it. I have tried setcookie("PHPSESSID") and so many other kludges that I can't remember them all.

help?

Anon

Did you ever find a solution to your problem. if yes pls let me know
because session_unregister is not working and I am not able to log off a user

Thanks

Anon

Somebody on this board gave me this idea, and this is what I am doing at the top of every page:

If ($HTTP_SESSION_VARS["timeout"] > date(U))
{
$timeout = date(U) + $seconds_till_timeout;
session_register("timeout");
}
Else
{
// logged out (do something to log them out)
header("Location: logout_page.php");
}

When the user logs on, I set the "timeout" session variable. I have set the $seconds_till_timeout to 1800.

This is working very well for me, although it seems a bit of a kludge.

Anon

Hi mark,

Since sessions are not getting unregistered I'm using it to my advantage by registering a boolean var to false when the signout butn is pressed and as long as this value is set to false I'll ask him login

A little more coding to make it more secure
but basically the boolean var seems to do the trick ..... for now

Neville