We are using phplib (cookie mode) with php-4.02.....and i do experiment wierd behavior when logging out.
Our site is a framed site.
The login screen is, therefore, outOfFram_ed with a javascript.
To get rid of caching problem, our frameset is not cached (http header no-cache)
Now...when a user logout (with the link-button or directly jump to another url - onunload javascript- ) a popup window is displayed.
This window received the session stuff, then delete the session.
I tried many ways to delete the sessions.
from $sess->delete (phplib) to my own DeleteSession which i can see deleting from the tables,
i also tried just to unauth (phplib) the user,
Our last version of the script do :
delete the cookie with setcookie("cookie_name");
delete the session stuff from the table.
It just do not set $HTTP_VAR_COOKIES[cookie_name] = "" ;
My Problem is :
After i logout, let s say i'm on yahoo.com, if i do a back (i have the data missing page), another back, i have the login screen, a forward (i'm back on the data missing page), a reload.....then i get authentified with my session....i just can do what i want.....
Anybody could help ?
Thanks,
Herve.
