Posted by Stefan Rybacki on 06/30/05 00:23

Kezepema wrote:
> Hi,
> On my -dutch- site http://groteboodschap.abc26.nl,
> <http://groteboodschap.abc26.nl>I'm working with sessions.
>
> The php manual points, that whenever I call 'session_unset' and
> 'session_destroy', all session variables should have been erased.
> So, I coded these instructions into the login form. Everytime a user clicks the
> "Login" button, the session_unset and session_destroy commands are executed.
> The goal of this is to prevent a user entering certain parts of the site without
> logging in.
> Therefore I included this code in all pages that are part of the 'authorized' zone:
>
> /if(!isset($_SESSION['MySession']))die("<p class='error'>Session terminated.</p>
> <a href='login.php'>Please log in</a>");/
>
> However, when I login, and after that log out, I still can reach the
> 'forbidden' pages.
>
> What am I doing wrong?
>
> Thanks, Kees Epema
>
>
First you should post all of the related code.

Your code should look like this at script start:

session_start();

if (!isset($_SESSION['...'])) {
print("whatever you want");
exit();
}

//Here the forbidden page code




and the logout.php should look like this:

session_start();

session_destroy();


Do you have this above?

Regards
Stefan

[Back to original message]