I am using following code to set the session when login :
function set_session($value, $table_name)
{
$value_rec = mysql_fetch_array($value, MYSQL_ASSOC) ;
session_start() ;
$SESSION['username']=$value_rec['username'] ;
$_SESSION['ip'] = $_SERVER['REMOTE_ADDR'] ;
$_SESSION['logged'] = 1 ;
$session_id = session_id() ;
$query = "update ".$table_name." set session = '".$session_id."',
ip = '".$_SERVER['REMOTE_ADDR']."' where username = '".$value_rec['username']."'" ;
mysql_query($query) ;
return ;
}
Now login works fine. It creates a unique session id and stored relevant variables (e.g. logged, ip etc..) in the file named
sess_{{here comes session id}} under directory c:\php\sessiondata.
Now I am using following script at logout time:
function log_out()
{
$SESSION['logged'] = 0 ;
$SESSION['ip'] = 0 ;
$SESSION['username']= "" ;
}
Even after I logout, $_SESSION variables still hold values. That is probably because when I unset session variables in logout script, it is not reflected in the file, which is under sessiondata directory.
Can any body tell me the solution as how can I make sure that once I logout, nobody can access the pages without login again ?
I am sure I need some changes in logout script.
Hope I made the problem clear. I am using PHP 4.3, Xitami Web server and MySQL.
Thanks,
dev
