I have login.php validate a users name and pwd via mysql, then set $access = 1; ..... I am having no problems passing that to the next script for authentication via the url- but the problem comes in when they go to the script that kills the session. When they access the page, the variables seem to be killed and such- since when you click "back" on your browser you no longer have access to previous pages. BUT- If you click the link to login.php and login with the same username and pwd, a new session id is not assigned- The session id is identical to the one I just killed. I'm a newb when it comes to sessions- I would appreciate any help.
Logout.php is as follows:
<?
session_start();
register_globals = off ### +++
//HTTP_GET_VARS
while (list($key, $val) = @each($HTTP_GET_VARS)) {
$GLOBALS[$key] = $val;
}
//HTTP_POST_VARS
while (list($key, $val) = @each($HTTP_POST_VARS)) {
$GLOBALS[$key] = $val;
}
//HTTP_POST_FILES
while (list($key, $val) = @each($HTTP_POST_FILES)) {
$GLOBALS[$key] = $val;
}
//$HTTP_SESSION_VARS
while (list($key, $val) = @each($HTTP_SESSION_VARS)) {
$GLOBALS[$key] = $val;
}
register_globals = off ### ---
while (list ($key, $val) = each ($_SESSION)) {
session_unregister($key); }
session_destroy();
testing if variables will still output
echo($username);
echo($access);
echo("<br><br>You have been logged out<br><a href='login.php'>Login page</a>'");
?>
