session logout..?

mo0ness

Hey every1, im using sessions on my admin control panel for my site, im having trouble killing the sessions, and I was wondering if any1 cud please help me?

Below: Sessions set after login check


         	session_start();
         	// Password check, other php code

         	$_SESSION['do_email']=$do_email;
         	$_SESSION['do_pass']=$do_pass;
         	$_SESSION['user_logged_in']=1;
         							session_write_close();

         	// re-direct to cp.php

Below: Code on password protected pages (cp.php)


session_start();

if ($_SESSION['user_logged_in']!=1)

	require_once("login.error.php");

else
{

               // procted html is printed here

}

Below: Code for logout.php


session_start();

if ($_SESSION['user_logged_in']!=1)
{

	$_SESSION = array();
	session_destroy();

}
else
{
	require_once("login.error.php");

}

Now, i dont get an error with logout.php, I clicklogout, and it prints the login.error.php message, it therefor lookslike i've logged out. Only, if I go to a password protected page, the sessions are still alive and it hasnt been detroyed. I therefor have to "wait" until my session has expirerd in order to be officially "logged out". Can any1 help me with this error please? Thank you in advance!

bobthedog

It seems you just have a logic problem. When you visit logout.php and you are logged in

$_SESSION['user_logged_in'] == 1

this means that you do this

require_once("login.error.php");

since 1 == 1, and you leave the session in tact so that you are still logged in. I think you have the logic in this if statement the wrong way round and it should probably be:


session_start();

if ($_SESSION['user_logged_in'] == 1)
{

	$_SESSION = array();
	session_destroy();

}
else
{
	require_once("login.error.php");

}

...so if you are logged in, the session is destroyed, if you aren't logged in then you dump out the contents of login.error.php.

mo0ness

god what a stuiped error lol, thanx for ur help man, it works now 🙂