killing other sessions

dd3123

I've been PHPing for a while now, but never had to do this before, so I'm wondering if this is one of those rare n00b issues I've just never run into.

Basically I've got set of pages at say http://www.mypages.com/blahblah

after a bit, users go to a secure server at

https://secure.mypages.com/blahblahblah which starts a new session and tracks various things.

Now then, at some point I want the user's session & variables at
http://www.mypages.com/blahblah to be automatically destroyed while still at https://secure.mypages.com/blahblahblah

How might I do this without using header() to forward them to the nonsecure area and then destroying the session?

Last edited by dd3123 on 03-25-2003 at 01:05

sijis

i'm not sure if you know this, but you can use
session_destroy();
to delete all sessions.
http://www.php.net/session_destroy

if you are thinking about logic, well.
you can copy the session from the non-secure pages into another session (exclusively for secure pages) before you destroy the non-secure session variables.

maybe a simpler way would be to destoy all sessions in the beggining of the secure pages (assuming user has only 1 point of entry to the secure pages)

hope that helps.

dd3123

yea I tried a session_destroy() from the secured pages, but it for some reason, does not destroy the unsecured session.