https://stackoverflow.com/questions/21320524
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianTry a simpler approach, destroy all session cookies
session_start();
session_destroy();
$home_url = 'http://' . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']) . '/index.php';
header('Location: ' . $home_url);
Logout PHP Script
Question
This is my script:
<?php
// If the user is logged in, delete the session vars to log them out
session_start();
if (isset($_SESSION['user_id'])) {
// Delete the session vars by clearing the $_SESSION array
$_SESSION = array();
// Delete the session cookie by setting its expiration to an hour ago (3600)
if (isset($_COOKIE[session_name()])) { setcookie(session_name(), '', time() - 3600); }
// Destroy the session
session_destroy();
}
// Delete the user ID and username cookies by setting their expirations to an hour ago (3600)
setcookie('user_id', '', time() - 3600);
setcookie('username', '', time() - 3600);
// Redirect to the home page
$home_url = 'http://' . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']) . '/index.php';
header('Location: ' . $home_url);
?>
I cannot log out once logged in on the site. Do I really need cookie'd logins or can I take that out?
Solution
OTHER TIPS
I recommend to using this method,
<?php
//User session in ['user']
if($_SESSION['user_id']){
session_start();
session_unset();
session_destroy();
session_write_close();
setcookie(session_name(),'',0,'/');
session_regenerate_id(true);
}
?>
i recommend you using that method
, why? because that method using true destroy,delete cookie in browser and new set ID of session of session in PHP
"In order to kill the session altogether, like to log the user out, the session id must also be unset. If a cookie is used to propagate the session id (default behavior), then the session cookie must be deleted. setcookie() may be used for that." see: http://us1.php.net/session_destroy and: http://us1.php.net/manual/en/function.session-id.php "Caution Do NOT unset the whole $_SESSION with unset($_SESSION) as this will disable the registering of session variables through the $_SESSION superglobal." see: http://us2.php.net/manual/en/function.session-unset.php
Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
