[web] problem with session (unsetting) in php

This topic is 3703 days old which is more than the 365 day threshold we allow for new replies. Please post a new topic.

Recommended Posts

ok, here is my sign out code:
<?PHP
session.auto_start;
session_start();
unset($_SESSION[user]); unset($_SESSION[pass]);
unset($user); unset($pass);
session_unregister(user);
session_unregister(pass);
echo '<script type="text/javascript">window.location = "http://www.***.com/"</script>';
?>


it unsets and unregisters until the next page is loaded, the index knows this is unset unless reloaded/refreshed. how would i make it know that this happens?? this problem only occurs in FF2 not IE7.

Share on other sites
session_start();session_destroy();header('location: logged_out.php');exit();

This will unset all the session data and redirect them to logged_out.php.

Share on other sites
that cleans up my code, but i found the problem is i went to www.***.com to logout and the session was set without the www. (why is FF so picky??) but thanks for that easier way to do this =]

Share on other sites
To a web browser, every domain name is different. This includes www.example.com and example.com

This affects, amongst other things, the scope of cookies used to maintain session state.

You should always canonicalise your URLs. This means that if someone goes to example.com/blah, you redirect them to www.example.com (or vice versa).

Choose exactly one correct URL for each page, and if a user arrives on any other, issue a HTTP permanent redirect to let the browser (or other user agent, f.e. search engine bot) know ,in no uncertain terms, what the true and correct address of that page is.

Likewise, don't set any cookies for that domain when you redirect. Just redirect the user straight to where they need to go without doing any further unnecessary processing.

In the simple case of redirecting example.com to www.example.com (and similar), this can typically be achieved by configuration of your web server software. See the documentation of your web server software for more details.

Mark

Share on other sites
Quote:
 Original post by markrTo a web browser, every domain name is different. This includes www.example.com and example.comThis affects, amongst other things, the scope of cookies used to maintain session state.

Almost. If you set a cookie to be for the domain .example.com (note the starting dot), that cookie must be sent for example.com and any subdomain of example.com.