Posted by Kezepema on 06/29/05 22:47

Hi,
On my -dutch- site http://groteboodschap.abc26.nl,
<http://groteboodschap.abc26.nl>I'm working with sessions.

The php manual points, that whenever I call 'session_unset' and
'session_destroy', all session variables should have been erased.
So, I coded these instructions into the login form. Everytime a user
clicks the "Login" button, the session_unset and session_destroy
commands are executed.
The goal of this is to prevent a user entering certain parts of the site
without logging in.
Therefore I included this code in all pages that are part of the
'authorized' zone:

/if(!isset($_SESSION['MySession']))die("<p class='error'>Session
terminated.</p> <a href='login.php'>Please log in</a>");/

However, when I login, and after that log out, I still can reach the
'forbidden' pages.

What am I doing wrong?

Thanks, Kees Epema

[Back to original message]