View this Thread

Mmh ok now i dont get any error's... But when i login it does make the changes on my page (show members menu) But when i click logout it stay's in the same way as logged in...


Code:

<?
ob_start();
$_SESSION['log ged_in'] = 0;

setcookie('log in_cookie', "", time() - 60, '/', '.http://local host/TG/');

session_destroy ();
header("L ocation: http://localhos t/TG/";
?>

hrm...

re-check your header code, somehow the $_SESSION['log ged_in'] still = 1. Gotta be in the header code somewhere, because the logout sets it to zero, but you said it still says your're logged in even after logout.

Still lost :S.... I checked my header and even tried the exact one from the tutorial...


Code:

i think the cookie isnt being deleted... so on your logout.php file, mess around with:

setcookie('log in_cookie',&q uot;",tim e()-60, '/', '.http://local host/TG/' );

maybe take the / out after "/TG/&qu ot;

you could modify the header code for editing to see whats going on, thats a good way to debug and find the problemes. try doing something like:

Code:

According to Php.net: "Cookies must be deleted with the same parameters as they were set with."
I think the problem is that the script to create the cookie is "setcooki e('login_cooki e', $joined, 2147483647, '/', '.craversdark. com/practice2' ); "
but we're deleting it with:
" setcookie('log in_cookie', "", time() - 60, '/', '.craversdark. com/practice2' );"

when it should probably be: " setcookie('log in_cookie', $joined, time() - 60, '/', '.craversdark. com/practice2' );"
Or something. I'm playing with it now.

-SeiferTim :: http://www.crav ersdark.com

ok good luck. I noticed in my code above it should be if(!isset() bla bla...

works fine for me the way its setup. Let me know what you come up with

Hellow everybody
after logout.if i click browser back option then it was shown previos static pages.so how to block this problem.

im not exactly sure what you're talking about. could you provide more detail? I dont think you can keep it from showing prev. static pages where you was logged in. If you were to click a link, it would ask you to sign back in again I believe.

Let me start by saying this was a wonderful tutorial, but as the people above mentioned. The logout process does not work at all. The cookie is not destroyed. I think it would be better to just use sessions and eliminate cookies in this tutorial and accompanying scripts since the author does not seem to be able to fix this.

Are cookies included for anything beside remembering the username in the form? not sure. but I think sessions would be enough to make this tutorial work, unless bs0d can figure out why the logout script fails.

The way it is now, even if you close all browsers, you can still go directly to the secured content without the need to login, which defeats the whole purpose of the secured area.

The tutorial is written with the option to "remember me" ergo cookie implementation. So that when you open a new browser window and visit the site, you are not required to login. If you would not like that feature, don't add it or do not check the "remember me" checkbox.

The code provided in the tutorial has worked for many, and not worked for few. For those having problems with it, here a few alternatives to try:


Code:

I have been on this all day, but finally got it working. Seems when I used (false) as the new value in logout, that did the trick. Also I had to replace the time value (2147483647) you had in the login.php with time()+3600. Also you need to pay attention to the domain name and sb directory values. They have to be the same as when set.
The following worked for me:

This is the line that sets cookie in the login.php file:
--------------- --------------- ---------
setcookie(&quo t;login_cookie ", $joined, time()+3600, "/secure/ ", "mydomain .com" );
--------------- --------------- ---------
This is the line that unsets it in the logout.php:
--------------- --------------- ---------
setcookie('log in_cookie', false, time() - 3600, '/secure/', 'mydomain.com ');
--------------- --------------- ---------

oops, sorry bs0d. Can you please remove my domain name from the second line (logout code), I forgot to remove it. you can delete this note too.
Maybe I shoulda registered first lol

I hope the above helps someone.

Thanks.

time()+3600 is only one hour from whenever they log in. this means if you are trying to use the 'remember me' feature and someone comes back tomorrow, they have to log in again. on my site, login cookies are set to last for 30 days (2592000 seconds) so as long as they come back with in a month they will still be remembered.

i haven't read the tutorial here though, so feel free to ignore me if i'm not making sense.

Thanks bs0d for fixing my post above, much appreciated.

misterhaan, I agree with you on the cookie time, my whole issue was not the duration but was the logout process. I needed that when you click logout you should be logged out period. The member area that I am setting up will not be frequently accessed so the duration of cookie life was not an issue for me at all, one hour is more than is needed to serve the purpose. but logout works for me now.

Thanks everyone.
Joe

What you use?
windows xp
windows 2000
windows 98
windows 95
or other

---------------
Best regards

Hi guyz,

for those who are still struggling with:
Warning: session_destroy (): Trying to destroy uninitialized session

change in logout:
session_destroy ();
to:
@session_destro y();

It works for me

I believe the answer has been resolved here. Topic locked.