Jump to content
  • Advertisement
Sign in to follow this  
Thoover

[web] problem with session (unsetting) in php

This topic is 3820 days old which is more than the 365 day threshold we allow for new replies. Please post a new topic.

If you intended to correct an error in the post then please contact us.

Recommended Posts

ok, here is my sign out code:
<?PHP
session.auto_start;
session_start();
unset($_SESSION[user]);
unset($_SESSION[pass]);
unset($user);
unset($pass);
session_unregister(user);
session_unregister(pass);
echo '<script type="text/javascript">window.location = "http://www.***.com/"</script>';
?>



it unsets and unregisters until the next page is loaded, the index knows this is unset unless reloaded/refreshed. how would i make it know that this happens?? this problem only occurs in FF2 not IE7.

Share this post


Link to post
Share on other sites
Advertisement

session_start();
session_destroy();
header('location: logged_out.php');
exit();



This will unset all the session data and redirect them to logged_out.php.

Share this post


Link to post
Share on other sites
that cleans up my code, but i found the problem is i went to www.***.com to logout and the session was set without the www. (why is FF so picky??) but thanks for that easier way to do this =]

Share this post


Link to post
Share on other sites
To a web browser, every domain name is different. This includes www.example.com and example.com

This affects, amongst other things, the scope of cookies used to maintain session state.

You should always canonicalise your URLs. This means that if someone goes to example.com/blah, you redirect them to www.example.com (or vice versa).

Choose exactly one correct URL for each page, and if a user arrives on any other, issue a HTTP permanent redirect to let the browser (or other user agent, f.e. search engine bot) know ,in no uncertain terms, what the true and correct address of that page is.

Likewise, don't set any cookies for that domain when you redirect. Just redirect the user straight to where they need to go without doing any further unnecessary processing.

In the simple case of redirecting example.com to www.example.com (and similar), this can typically be achieved by configuration of your web server software. See the documentation of your web server software for more details.

Mark

Share this post


Link to post
Share on other sites
Quote:
Original post by markr
To a web browser, every domain name is different. This includes www.example.com and example.com

This affects, amongst other things, the scope of cookies used to maintain session state.


Almost. If you set a cookie to be for the domain .example.com (note the starting dot), that cookie must be sent for example.com and any subdomain of example.com.

Share this post


Link to post
Share on other sites
Sign in to follow this  

  • Advertisement
×

Important Information

By using GameDev.net, you agree to our community Guidelines, Terms of Use, and Privacy Policy.

Participate in the game development conversation and more when you create an account on GameDev.net!

Sign me up!