jimfog Posted September 19, 2013 Share Posted September 19, 2013 I am constructing a logout function...for what I have doubts though is the implementation. This function tries to address 2 different scenarios. There is a cookie in the user's PC(remember me feature) and the second scenario is that there is no remember me cookie in the client. I do not know though if I am doing it the right ways...here is the code: function logout($connection) { if (isset($_COOKIE['cookiename'])||isset($_SESSION['valid_user'])) { $username = $_SESSION['valid_user']; setcookie('cookiename',"", time() - 3600); unset($_SESSION['valid_user']); session_destroy(); $result = $connection->query("DELETE FROM session WHERE username='".$username."'"); if(!$result) {echo 'deletion failed'; return false; } } } Link to comment Share on other sites More sharing options...
birbal Posted September 19, 2013 Share Posted September 19, 2013 This function tries to address 2 different scenarios. There is a cookie in the user's PC(remember me feature) and the second scenario is that there is no remember me cookie in the client. You need to delete both cookie or any other user related data anyway when user logout. Link to comment Share on other sites More sharing options...
jimfog Posted September 19, 2013 Author Share Posted September 19, 2013 You need to delete both cookie or any other user related data anyway when user logout. I suppose you are referring to the "remember me"cookie.Am I correct? Link to comment Share on other sites More sharing options...
birbal Posted September 19, 2013 Share Posted September 19, 2013 yes, remember me cookie and session cookie, both. Link to comment Share on other sites More sharing options...
jimfog Posted September 19, 2013 Author Share Posted September 19, 2013 yes, remember me cookie and session cookie, both. I assume I delete the remember me cookie by setting it expire to the past and I delete the session cookie by unsetting the session. Am I saying it correctly? I think my function addresses both of these issues. Link to comment Share on other sites More sharing options...
birbal Posted September 20, 2013 Share Posted September 20, 2013 Unsetting the session wont delete the session. It will just unset the session value. Session_destroy() will delete the server side session data. But there will be still session cookie on browser. Though that cookie cant get any data as in server that session is deleted and that cookie will expire on his own after certain time (as your session cookie setting was set. But i would like to delete the cookie imidiately once the user log out. Normal cookie deletion technique applies here Link to comment Share on other sites More sharing options...
jimfog Posted September 20, 2013 Author Share Posted September 20, 2013 So we have 2 cookies, the "remember me" and the session related. Does the line below deletes both of them: setcookie('cookiename',"", time() - 3600); Link to comment Share on other sites More sharing options...
thescientist Posted September 20, 2013 Share Posted September 20, 2013 (edited) no, as Birbal said, to kill the session you use session_destroy(). otherwise, you are just deleting the cookie and nothing else. you are using both already, I think you have everything covered. Edited September 20, 2013 by thescientist Link to comment Share on other sites More sharing options...
jimfog Posted September 20, 2013 Author Share Posted September 20, 2013 I think you have everything covered. Plus the "remember" me cookie?By setting it expiring in the past? Link to comment Share on other sites More sharing options...
thescientist Posted September 20, 2013 Share Posted September 20, 2013 (edited) I don't know what you're asking now. You asked if your code does two things 1) deletes a ("remember me") cookie, in this case called "cookiename" 2) kills a session So yes, presumably, to both things. Now, if your remember me cookie isn't actually called "cookiename" then, you should actually use the name of the cookie you are using for remember me instead. Edited September 20, 2013 by thescientist Link to comment Share on other sites More sharing options...
jimfog Posted September 21, 2013 Author Share Posted September 21, 2013 You asked if your code does two things 1) deletes a ("remember me") cookie, in this case called "cookiename" 2) kills a session So yes, presumably, to both things. I am covered now... thanks. The above is what I was expecting to hear...that I accomplish both things. Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now