Sign in to follow this  

[web] problem with session (unsetting) in php

This topic is 3628 days old which is more than the 365 day threshold we allow for new replies. Please post a new topic.

If you intended to correct an error in the post then please contact us.

Recommended Posts

ok, here is my sign out code:
<?PHP
session.auto_start;
session_start();
unset($_SESSION[user]);
unset($_SESSION[pass]);
unset($user);
unset($pass);
session_unregister(user);
session_unregister(pass);
echo '<script type="text/javascript">window.location = "http://www.***.com/"</script>';
?>



it unsets and unregisters until the next page is loaded, the index knows this is unset unless reloaded/refreshed. how would i make it know that this happens?? this problem only occurs in FF2 not IE7.

Share this post


Link to post
Share on other sites

session_start();
session_destroy();
header('location: logged_out.php');
exit();



This will unset all the session data and redirect them to logged_out.php.

Share this post


Link to post
Share on other sites
that cleans up my code, but i found the problem is i went to www.***.com to logout and the session was set without the www. (why is FF so picky??) but thanks for that easier way to do this =]

Share this post


Link to post
Share on other sites
To a web browser, every domain name is different. This includes www.example.com and example.com

This affects, amongst other things, the scope of cookies used to maintain session state.

You should always canonicalise your URLs. This means that if someone goes to example.com/blah, you redirect them to www.example.com (or vice versa).

Choose exactly one correct URL for each page, and if a user arrives on any other, issue a HTTP permanent redirect to let the browser (or other user agent, f.e. search engine bot) know ,in no uncertain terms, what the true and correct address of that page is.

Likewise, don't set any cookies for that domain when you redirect. Just redirect the user straight to where they need to go without doing any further unnecessary processing.

In the simple case of redirecting example.com to www.example.com (and similar), this can typically be achieved by configuration of your web server software. See the documentation of your web server software for more details.

Mark

Share this post


Link to post
Share on other sites
Quote:
Original post by markr
To a web browser, every domain name is different. This includes www.example.com and example.com

This affects, amongst other things, the scope of cookies used to maintain session state.


Almost. If you set a cookie to be for the domain .example.com (note the starting dot), that cookie must be sent for example.com and any subdomain of example.com.

Share this post


Link to post
Share on other sites

This topic is 3628 days old which is more than the 365 day threshold we allow for new replies. Please post a new topic.

If you intended to correct an error in the post then please contact us.

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

Sign in to follow this