Welcome to dbFreaks.com!
FAQFAQ      ProfileProfile    Private MessagesPrivate Messages   Log inLog in

cookie deletion upon logging off in php

  
   Database Help (Home) -> PHP SQL RSS
Next:  POSTing to XML...  
Author Message
jayadiesel

External


Since: Oct 02, 2008
Posts: 3



(Msg. 1) Posted: Thu Oct 02, 2008 12:29 am
Post subject: cookie deletion upon logging off in php
Archived from groups: alt>php>sql (more info?)
i have developed a localhost site utilizing session with cookie. i
found this issue somehow:
after navigating for some time, soon i wanted logging out (and
inherently deleting session with session_destroy()).
To my surprise, when i press back button and dialog window popped out
saying " ...
do you want to resend the...."
the username and the password were reclaimed back from the cookie, and
i got back to my site without being
authenticated...

 >> Stay informed about: cookie deletion upon logging off in php 
Back to top
Login to vote
J.O. Aho

External


Since: Dec 01, 2003
Posts: 164



(Msg. 2) Posted: Thu Oct 02, 2008 2:25 pm
Post subject: Re: cookie deletion upon logging off in php [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
jayadiesel.TakeThisOut@gmail.com wrote:
> i have developed a localhost site utilizing session with cookie. i
> found this issue somehow:
> after navigating for some time, soon i wanted logging out (and
> inherently deleting session with session_destroy()).
> To my surprise, when i press back button and dialog window popped out
> saying " ...
> do you want to resend the...."
> the username and the password were reclaimed back from the cookie, and
> i got back to my site without being
> authenticated...

Try this instead:

When you recive the logout, do

$_SESSION=null;
session_destroy();
header('Location: '.£urltofirstpage);

First of all, you are cleaning out the data in the session,
and the redirect with header will ensure that you won't get the question about
the "reposting". Killing a cookie needs a page extra to really it to be killed.

--

//Aho

 >> Stay informed about: cookie deletion upon logging off in php 
Back to top
Login to vote
jayadiesel

External


Since: Oct 02, 2008
Posts: 3



(Msg. 3) Posted: Fri Oct 03, 2008 2:31 pm
Post subject: Re: cookie deletion upon logging off in php [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
>
> $_SESSION=null;
> session_destroy();
> header('Location: '.£urltofirstpage);
>
> First of all, you are cleaning out the data in the session,
> and the redirect with header will ensure that you won't get the question about
> the "reposting". Killing a cookie needs a page extra to really it to be killed.
>
> --
>
> //Aho

my code goes here:

session_unset();
session_destroy();
header(location: "../login.php");
yet it rendered no help. keep pressing back button and when the
browser offered 'repost'
i still could get in. moreover in one event when the browser ended
inadvertently, on next start the browser
offer to restore previous session, i still get back to my site. i
don't know if this is browser-specific issue or php.
I used session_regenerate_id() after session_start()..
 >> Stay informed about: cookie deletion upon logging off in php 
Back to top
Login to vote
jayadiesel

External


Since: Oct 02, 2008
Posts: 3



(Msg. 4) Posted: Fri Oct 03, 2008 2:36 pm
Post subject: Re: cookie deletion upon logging off in php [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
> $_SESSION=null;
> session_destroy();
> header('Location: '.£urltofirstpage);
>
my code is somewhat similar
session_unset();
session_destroy();
header("location: ./login.php");
on one event when the browser crash or got kill, and when i restart
the browser it offered to restore previous session i could get in
passing the authentication.. i wonder if this is browser specific
issue ( i used mozilla)
 >> Stay informed about: cookie deletion upon logging off in php 
Back to top
Login to vote
J.O. Aho

External


Since: Dec 01, 2003
Posts: 164



(Msg. 5) Posted: Fri Oct 03, 2008 9:25 pm
Post subject: Re: cookie deletion upon logging off in php [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
jayadiesel.TakeThisOut@gmail.com wrote:
>> $_SESSION=null;
>> session_destroy();
>> header('Location: '.£urltofirstpage);
>>
> my code is somewhat similar
> session_unset();
> session_destroy();
> header("location: ./login.php");

You haven't ensured that the session is empty, just using destroy by itself
won't do the trick and it seems to be needed to kill the cookie itself too.

http://www.php.net/manual/en/function.session-destroy.php

session_unset() should only be used with PHP 4.0.6 or earlier.


> on one event when the browser crash or got kill, and when i restart
> the browser it offered to restore previous session i could get in
> passing the authentication.. i wonder if this is browser specific
> issue ( i used mozilla)

All mozilla browsers should drop the session cookies when they been closed,
not sure how it is when they are restoring, could be set with about:config and
change the right setting.

But see to empty the session variable and kill the cookie too, even if you get
a repost request at going back, then you should have at least got rid of the
session.

--

//Aho
 >> Stay informed about: cookie deletion upon logging off in php 
Back to top
Login to vote
Display posts from previous:   
Related Topics:
PHPtriad v2.2.1 removal - When I fist started using apache/php/mysql I used phptriad [a wonderful piece of kit] to get me up and running. I've used this ever since. I'm think inow of 'upgrading' to laters versions of all three applications, and have found various tutorials/Ho...

MySQL regular expression to match a imploded item - Hello I need to use MySQL's REGEXP (POSIX compliant) to search registries where one field is an imploded set of integer values separated with pipes "|". I need to match one of these imploded values directly on a sql select. $sql = "SELECT...

Weird mysql_connect problem - Hello. My mysql_connect just started to give me following error today, Fatal error: Call to undefined function: mysql_connect() in ..../database_functions/db_functions.inc.php on line 11. So it seems that my php no longer finds php-mysql module...

MySQL - question about displaying data - I am working an some pages that have database content on them. I'm sorry that I don't have any versions of it online yet, but it isn't hard to explain. The site lists restaurants with contact information. All of the information is kept in a MySQL..

How can i Optimize sql Query ? - Hi, I'd like to optimize this query: Code: SELECT * FROM `links` WHERE active = "1" AND mainweight != 0 ORDER BY Rand()*(1/mainweight) LIMIT 5 I have a database of links wich has 3 000 rows. I'd like to select weighted random links from ...
   Database Help (Home) -> PHP SQL All times are: Pacific Time (US & Canada) (change)
Page 1 of 1

 
 You can post new topics in this forum
You can reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum



[ Contact us | Terms of Service/Privacy Policy ]