I’m trying to implement a logout button into my MAR app (in the admin area) for the index, view and edit cases, but having issues.
Is there a better or easier way to do this?
<?php
//start the session
session_start();
//check to make sure the session variable is registered
if(session_is_registered('username')){
//session variable is registered, the user is ready to logout
session_unset();
session_destroy();
}
else{
//the session variable isn't registered, the user shouldn't even be on this page
header( "Location: http://www.yourdomain.com/login.htm" );
}
?>
I’m sure there’s quite a bit of belt-and-suspenders in there, but it does a fine job of signing the person out whenever I call $person->log_out();
Walter
On Oct 28, 2011, at 3:52 PM, Todd wrote:
I’m trying to implement a logout button into my MAR app (in the admin area) for the index, view and edit cases, but having issues.
Is there a better or easier way to do this?
<?php
//start the session
session_start();
//check to make sure the session variable is registered
if(session_is_registered('username')){
//session variable is registered, the user is ready to logout
session_unset();
session_destroy();
}
else{
//the session variable isn't registered, the user shouldn't even be on this page
header( "Location: http://www.yourdomain.com/login.htm" );
}
?>
This just occurred to me: I don’t (yet) have a MAR controlled login form (the admin directory is password-protected through cPanel) so will this logout function work?
This function does some generic things that cause a session-based login to log out. If you’re logged in with Basic Authentication, then that takes a different set of juju. As far as I know, the only way to log out from basic authentication is to close the browser. There’s nothing sitting around in a session that you can destroy per se. That example you posted is also another session-based login, like the one in the MAR example I showed.
Walter
On Oct 28, 2011, at 5:45 PM, Todd wrote:
This just occurred to me: I don’t (yet) have a MAR controlled login form (the admin directory is password-protected through cPanel) so will this logout function work?
From memory I believe you can fake a log out with basic authentication by passing a new set of incorrect log in details. I ended up doing this a long time ago for a project where the client didn’t like the idea of having to quit the browser to fully log out of their session. This may not work any more but it could be worth a try.
Basic auth is a lot less controllable than PHP sessions which I’d always recommend unless you want to do something quite basic.
Regards,
Tim.
On 28 Oct 2011, at 22:58, Walter Lee Davis wrote:
As far as I know, the only way to log out from basic authentication is to close the browser. There’s nothing sitting around in a session that you can destroy per se.