|
|
Posted by Stefan Rybacki on 06/30/05 00:23
Kezepema wrote:
> Hi,
> On my -dutch- site http://groteboodschap.abc26.nl,
> <http://groteboodschap.abc26.nl>I'm working with sessions.
>
> The php manual points, that whenever I call 'session_unset' and
> 'session_destroy', all session variables should have been erased.
> So, I coded these instructions into the login form. Everytime a user clicks the
> "Login" button, the session_unset and session_destroy commands are executed.
> The goal of this is to prevent a user entering certain parts of the site without
> logging in.
> Therefore I included this code in all pages that are part of the 'authorized' zone:
>
> /if(!isset($_SESSION['MySession']))die("<p class='error'>Session terminated.</p>
> <a href='login.php'>Please log in</a>");/
>
> However, when I login, and after that log out, I still can reach the
> 'forbidden' pages.
>
> What am I doing wrong?
>
> Thanks, Kees Epema
>
>
First you should post all of the related code.
Your code should look like this at script start:
session_start();
if (!isset($_SESSION['...'])) {
print("whatever you want");
exit();
}
//Here the forbidden page code
and the logout.php should look like this:
session_start();
session_destroy();
Do you have this above?
Regards
Stefan
Navigation:
[Reply to this message]
|