-
March 31st, 2009, 04:53 AM
#1
Session destroy
im using php and mysql
i have a problem, once the session destroyed after logging out, still some of the url can be still accessed. like adding customer and adding orders. but others cannot be accessed.
heres my logout.php
PHP Code:
<?php
session_start();
session_unset();
session_destroy();
$_SESSION = array();
$printout="<font color='green' size='2' face='arial'><center><b>Thank you for using SOMS.<br>Have a nice day!</b></center></font>";
include("login.php");
?>
-
March 31st, 2009, 06:53 AM
#2
Re: Session destroy
All you need to destroy a session is start() and destroy().
PHP Code:
session_start(); session_destroy();
You might want to check a couple of things...
- Since you are setting a session variable after you have destroyed the session, it's possible that you are creating another temp session.
- You need to be checking for the session's validity at the top of EVERY page in your web application. My guess is that the pages handling customers and orders don't have the check for the session.
If the post was helpful...Rate it! Remember to use [code] or [php] tags.
-
March 31st, 2009, 08:53 PM
#3
Re: Session destroy
got it MOD! i just dont have a session start in my customer and order code.
Tnx man!
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
Click Here to Expand Forum to Full Width
|