I have a problem, when I logout and press the back button and then refresh, I am again logged in. What do I need to do to fix that? I want to erase all data when I press logout. After I press logout the session still remains. What is the problem?
session_start();
require ("connection.php");
if (isset($_GET['logout'])){
session_start();
$_SESSION=array();
setcookie(session_name(), '', time()-42000, '/');
unset($_SESSION);
session_destroy();
header ("Location:index.php");
}
if(isset($_POST['login'])){
$name=strip_tags(mysql_real_escape_string($_POST['name']));
$password=strip_tags(mysql_real_escape_string($_POST['password']));
if (!$name || !$password) {
echo "Fields are empty!<br />
<a href='index.php'>Click here to return.</a>";
}
else {
$query="SELECT * ";
$query.="FROM users ";
$query.="WHERE user_name='$name' ";
$query.="AND password='$password'";
$rs = mysql_query($query, $dbc);
if(mysql_num_rows($rs)==1) {
$row=mysql_fetch_array($rs);
$user_name=$row['name'];
$_SESSION['user']=$user_name;
echo "Hello". " ". $_SESSION['user'];
echo "<a href='index.php?logout'>Logout</a>";
} else {
echo "User doesn't exist." ;
}
}
}
else {
echo"
<form method='POST' action='index.php'>
User name: <input type='text' name='name'><br />
Password:<input type='password' name='password'><br />
<input type='submit' name='login' value='login'>
</form>
";
}
You can log the user out with session_destroy();
You don't need to remove the cookie or anything else. To delete the session data just call session_destroy.
More importantly don't call session_start twice. This will cause an error.
The following code is nonsense.
$_SESSION=array();
setcookie(session_name(), '', time()-42000, '/');
unset($_SESSION);