Using PHP to logout of a site where a Cookie was set

Having trouble figuring this one out. I know that it's not best practice to store this information in a cookie, but it's for a school project and my professor just asked us to do it this way.

Here is the code where you log in and the cookie is set | admin.php:

```php
<?php
if (!isset($_COOKIE['loggedIn'])) {
  if (!isset($_SERVER['PHP_AUTH_USER'])) {
    header('WWW-Authenticate: Basic realm="My Realm"');
    header('HTTP/1.0 401 Unauthorized');
    echo 'Text to send if user hits Cancel button';
    exit;
  } else if($_SERVER['PHP_AUTH_USER'] == "user1" &&
    $_SERVER['PHP_AUTH_PW'] == "pass1") {
    //make the cookie
    setcookie("loggedIn", "user1/pass1", time() + 60);
  } else {
    header('HTTP/1.0 401 Unauthorized');
    echo "Invalid Credentials";
    exit;
  }
} else {
  if (isset($_COOKIE['loggedIn']) && $_COOKIE['loggedIn'] == "user1/pass1") {
    //YAY DO NOTHING ITS ME
  } else {
    header('HTTP/1.0 401 Unauthorized');
    echo "Invalid Credentials";
    exit;
  }
}
?>
```

And here is the code that I was trying to run to delete the cookie and log out, so that when you visit the admin.php page again you would have to enter the credentials again, but it doesn't seem to work.
logout.php:

```php
<?php

if(isset($_COOKIE[session_name()])):
    setcookie(session_name(), '', time()-7000000, '/');
endif;

if(isset($_COOKIE['loggedIn'])):
    setcookie('loggedIn', '', time()-7000000, '/');
endif;

session_start();
session_unset();
//unset($_SESSION["nome"]);
// where $_SESSION["nome"] is your own variable. if you do not have one use only this as follow **session_unset();**
header("Location: index.php");

?>
```

Thanks in advance for any help!

There's a pretty comprehensive example on php.net: http://php.net/manual/en/function.session-destroy.php

```php
<?php
session_start();

// Unset all of the session variables.
$_SESSION = array();

if(isset($_COOKIE[session_name()])):
    setcookie(session_name(), '', time()-7000000, '/');
endif;

if(isset($_COOKIE['loggedIn'])):
    setcookie('loggedIn', '', time()-7000000, '/');
endif;

// Check session cookies
if (ini_get("session.use_cookies")) {
    $params = session_get_cookie_params();
    setcookie(session_name(), '', time() - 42000, $params["path"], $params["domain"], $params["secure"], $params["httponly"]);
}

// Finally, destroy the session.
session_destroy();
//session_unset();
//unset($_SESSION["nome"]);
// where $_SESSION["nome"] is your own variable. if you do not have one use only this as follow **session_unset();**
header("Location: index.php");
```

Notice unsetting the session array: $_SESSION = array(); deleting the session cookie; and destroying the session: session_destroy();

Thanks,

Andrew
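
An added example, not code from the question, the answer or the php.net manual: admin.php sets `loggedIn` with no path argument, so the cookie is scoped to admin.php's directory, while logout.php expires it under `/`; a browser only drops a cookie when name, path and domain match the one it stored. The sketch below sets and clears the cookie from one shared attribute list. `LOGIN_COOKIE`, `LOGIN_COOKIE_OPTS` and the three function names are hypothetical, and PHP 7.3+ is assumed for the array form of `setcookie()`.

```php
<?php
// Added example. Only the cookie name "loggedIn" comes from the page;
// the constants and function names below are hypothetical.

// One definition of the cookie's scope, used for both setting and clearing,
// so the expiring Set-Cookie always matches the cookie the browser holds.
const LOGIN_COOKIE      = 'loggedIn';
const LOGIN_COOKIE_OPTS = [
    'path'     => '/',
    'secure'   => true,       // assumption: the site is served over HTTPS
    'httponly' => true,       // not readable from page JavaScript
    'samesite' => 'Strict',
];

function issue_login_cookie(string $value, int $ttl = 60): bool
{
    return setcookie(LOGIN_COOKIE, $value,
        ['expires' => time() + $ttl] + LOGIN_COOKIE_OPTS);
}

function clear_login_cookie(): bool
{
    unset($_COOKIE[LOGIN_COOKIE]);   // stop trusting it in this request too
    return setcookie(LOGIN_COOKIE, '',
        ['expires' => time() - 3600] + LOGIN_COOKIE_OPTS);
}

function destroy_session(): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();             // session_destroy() needs an open session
    }
    $_SESSION = [];
    if (ini_get('session.use_cookies')) {
        // Expire the session cookie with the same scope PHP issued it under.
        $p = session_get_cookie_params();
        setcookie(session_name(), '', time() - 42000,
            $p['path'], $p['domain'], $p['secure'], $p['httponly']);
    }
    session_destroy();
}

// logout.php body: every Set-Cookie header is queued before the redirect.
clear_login_cookie();
destroy_session();
header('Location: index.php');
exit;
```

Because admin.php also accepts HTTP Basic credentials, a browser that still has them cached for the realm resends them on the next visit, and admin.php then issues a fresh cookie without prompting.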
