php logout without redirect to logout.php

Question

i have a problem, i want to make logout 'button' but not allow people to logout through a link, like i have logout.php and my button redirect to it, but you can logout also by entring in browser www.mysite.com/logout.php

So i came to idea to use ajax:

function Logout()
{
    $.ajax({
        url: 'logout.php',
//      data: {xyz:1},
        method: 'POST',
    }).done( location.reload(true); );
}

but it does not work

my logout.php:

<?php

    session_start();
    setcookie("id", "", time()-3600);
    setcookie("pass", "", time()-3600);
    session_unset();

?>

also i wanted to logout user in database but for that i need his id with is in php in $uid, jquery code is in .js file so i can't do simply

var userid = <? $uid ?>

or can i?

Answer 1

You could create a form with a hidden field that contains the uid, another one that contains another hidden variable and the button leads to your logout.php something like this:

<form method="post" action="logout.php">
<input type="hidden" name="uid" value="<?=$uid; ?>" />
<input type="hidden" name="checked" value="checked" />
<input type="submit" name="Logout" value="Logout" />
</form>

Then on your logout.php page you get your post variables

$uid = $_POST["uid"];
$check = $_POST["checked"];

And now you have both the uid that you wanted and a variable that contains "checked" when the form is submitted.

This is a quite rudimentary way of doing things, but it will work. You can either pass the variables through standard php means or ajax, either way this should work.