ending a session

netfrugal

I've been attempting to write a "Logout" link that goes to logout.php.

On the main page, up top, I have:

<?php
session_start();
header("Cache-control: private");
?>

the registered session variables, if I am understanding this correctly, is:

$SESSION['user']
$SESSION['pass']

My logout.php page has this:

<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>logout</title>
<meta http-equiv="Refresh" content="2;URL=test-webusage.php" />
</head>

</html>

But so far it does not end the session, because I can still click the back button and find myself logged in. Also, on the logout.php page I made it redirect to the main search page, and if there is no session, it redirects to the login page.

HAve I missed something?

harmor

try
session_destroy();

netfrugal

ok, I tried putting in session_destroy.php

<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>logout</title>
<meta http-equiv="Refresh" content="2;URL=test-webusage.php" />
</head>

However, I get this warning:Warning: Cannot send session cache limiter - headers already sent (output started at /var/www/html/startweb/support/logout.php:9) in /var/www/html/startweb/support/logout.php on line 10

Would you change anything in that statement?

netfrugal

ok, I found that I was placing the code in the wrong place.

the session_start() & session_destroy() must go in the very top of the file, before the <html>.

However, if I click the back button I find myself logged back in. Is there a way to stop this?

harmor

Only session_start(); has to go at the top.

session_destroy(); can be placed anywhere.

logout.php

<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>logout</title>
<meta http-equiv="Refresh" content="2;URL=test-webusage.php" />
</head>

<body>
<?php session_destroy(); ?>
</body>
</html>

Sayian

In order to properly log out, and destroy a session, try this.

$_SESSION = array(); // Assign a new array to session, overwriting all previous contents
session_destroy(); // Destroy the Session
header("Location: /index.php"); // Return user to homepage

🙂

netfrugal

Nope, it still allows me to log back in when I click the back button.

Actually, it just lets me go back to the pages I was able to see while logged in, but if I click on any hyperlink in the page it sends me to the log in screen. I suppose this works.