|
Posted by Kezepema on 06/29/05 22:47
Hi,
On my -dutch- site http://groteboodschap.abc26.nl,
<http://groteboodschap.abc26.nl>I'm working with sessions.
The php manual points, that whenever I call 'session_unset' and
'session_destroy', all session variables should have been erased.
So, I coded these instructions into the login form. Everytime a user
clicks the "Login" button, the session_unset and session_destroy
commands are executed.
The goal of this is to prevent a user entering certain parts of the site
without logging in.
Therefore I included this code in all pages that are part of the
'authorized' zone:
/if(!isset($_SESSION['MySession']))die("<p class='error'>Session
terminated.</p> <a href='login.php'>Please log in</a>");/
However, when I login, and after that log out, I still can reach the
'forbidden' pages.
What am I doing wrong?
Thanks, Kees Epema
Navigation:
[Reply to this message]
|