|
|
Posted by Stefan Rybacki on 06/30/05 00:25
Kezepema wrote:
> Hi,
> On my -dutch- site http://groteboodschap.abc26.nl,
> <http://groteboodschap.abc26.nl>I'm working with sessions.
>
> The php manual points, that whenever I call 'session_unset' and
> 'session_destroy', all session variables should have been erased.
> So, I coded these instructions into the login form. Everytime a user
> clicks the "Login" button, the session_unset and session_destroy
> commands are executed.
> The goal of this is to prevent a user entering certain parts of the site
> without logging in.
> Therefore I included this code in all pages that are part of the
> 'authorized' zone:
>
> /if(!isset($_SESSION['MySession']))die("<p class='error'>Session
> terminated.</p> <a href='login.php'>Please log in</a>");/
>
> However, when I login, and after that log out, I still can reach the
> 'forbidden' pages.
>
> What am I doing wrong?
>
> Thanks, Kees Epema
Why this thread again?
Navigation:
[Reply to this message]
|