Trying to destroy session

Forum Moderators: coopster

Message Too Old, No Replies

Trying to destroy session

shimeal

1:20 am on Jan 15, 2005 (gmt 0)

I don't know why but the session won't die...This first part of code is on my referring page:

<?
if (isset($_SESSION['CustomerID']))
{
echo "<a href='faqs.php?sid=1'>Frequently Asked Questions Page</a>";
}
else {
echo "<a href='faqs.php?sid=0'>Frequently Asked Questions Page</a>";
}
?>

AND on the FAQS.php page, I have this code in the heading:

<?
if ($sid) {
session_unregister("CustomerID");
session_unregister("UserID");
session_unregister("FirstName");
session_unregister("AccessLevel");
session_destroy();
}
?>
<? session_start();?>

The faqs.php page is not destroying the session because I can click the back browser button and go right back into a secure area where I am not supposed to be without a correlating CustomerID...any ideas?

dkin

6:24 am on Jan 15, 2005 (gmt 0)

Please keep all related issues in the same thread.

dreamcatcher

12:30 pm on Jan 15, 2005 (gmt 0)

Hi shimeal,

In your if statement, how is the $sid being assigned? Try echoing it to see if it holds any value. This might be why your if statement is failing. Also session_start() must be called before you attempt to reset a session. Try moving that to before your if statement.

Hope that helps.

shimeal

6:08 pm on Jan 15, 2005 (gmt 0)

Thanks - I eventually used an HTTP_REFERRER because I had so much trouble with this.

ergophobe

5:40 pm on Jan 17, 2005 (gmt 0)

Did you try:

unset($_SESSION);

jatar_k

5:42 pm on Jan 17, 2005 (gmt 0)

umm

[php.net...]

... Do not unset() $_SESSION itself as this will disable the special function of the $_SESSION superglobal.

jatar_k

5:47 pm on Jan 17, 2005 (gmt 0)

an option is to print_r or var_dump your session, then see what you get when you back the browser.

maybe it is not getting $sid so it isn't entering that if statement.

have you started the session before destroying it?

if none of these avenues help I would then look to your authentication function as it may not be properly evaluating the session.

ergophobe

11:44 pm on Jan 17, 2005 (gmt 0)

Right... I think if you really want to get rid of the session, it doesn't do any serious harm, but if you want to keep using the same session that's out. Anyway, bad suggestion.

shimeal

3:11 am on Jan 19, 2005 (gmt 0)

Jakar - you were right, I needed to have the session_start code included in the <?> at the top. Thanks!