Session destroy

Question

In my working platform i endedup with a session_destroy problem

function logout()
{

 $_SESSION['id'] = '';
 session_destroy();

}

Here i unset the session id variable with a null value and uses the session_destroy() function to destroy the session.

But the problem is that after logged out from my account, when i press the back button of the browser it shows the status as logged in. Even i can browse through the profile and links of my account.

Thank you

Answer 1

Instead of rolling your own session code and possibly missing something, try using Zend_Session:

http://framework.zend.com/manual/en/zend.session.html

The constructor of Zend_Session_Namespace will automatically call session_start(), and likewise the Zend_Session::destroy() method will clean everything up in a logout script. Most of the work has already been done for you.

Answer 2

it think you should try using session_unset()

In order to kill the session altogether, like to log the user out, the session id must also be unset.

If a cookie is used to propagate the session id (default behavior), then the session cookie must be deleted. setcookie() may be used for that

<?php
session_start();

$sessionName = session_name();
$sessionCookie = session_get_cookie_params();

session_unset();
session_destroy();

setcookie($sessionName, false, $sessionCookie['lifetime'], $sessionCookie['path'],    $sessionCookie['domain'], $sessionCookie['secure']);
?>

Answer 3

Try this:

unset($_SESSION);
session_destroy();
session_regenerate_id();

Answer 4

you must unset session as well as destroy session to remove it completely from your system.

you can do it with php functions..

session_unset(); or you can use unset($_SESSION);
session_destroy();