|
|
Posted by axlq on 07/30/06 06:22
In article <48d5e$44cc3726$8259c69c$24703@news2.tudelft.nl>,
Rik <luiheidsgoeroe@hotmail.com> wrote:
>axlq wrote:
>> So here's my logout.php script for all
>> user types. It does seem to work correclty:
>
>I'm missing session_start() here.....
Not really... as I said at the beginning of my original post,
*all* scripts - without exception - include a file that calls
session_start() right at the beginning. I neglected to say that
what I posted for logout.php was an excerpt, not the whole script.
>What if you just:
>
>session_save_path('/home/mydomain/public_html/lists');
>session_name('login_settings');
>session_start();
>set_cookie(session_name(),'',time()-3600,'/');//or your snippet offcourse
>$_SESSION = array();
>session_destroy();
That's what it does already.
>Else, I'm very curious wether you cookies are actually deleted or
>not, and if not, what they hold.
The cookie gets deleted. When I examine the cookie after logging
off in Opera, it says "login_settings: deleted."
The real problem is that the web hosting server seems to think that
every computer on my home network shares the same session ID, and I
don't know what to do about it. I haven't made the web site public
yet. I certainly can't do so as long as $_SESSION poses such a huge
security risk. There are much more than just home networks behind
NAT firewall/routers. If multiple people in a large organization
try to access my site, all kinds of conflicts will occur.
-A
Navigation:
[Reply to this message]
|