1
\$\begingroup\$

I've been reading the security issue on logging out from a website system written in PHP, using sessions.

My current code is:

session_start();

if (isset($_SESSION["logged_in"])) {
    unset($_SESSION["logged_in"]);
    unset($_SESSION["ss_fprint"]);
    unset($_SESSION["alive"]);
    session_destroy();
    session_regenerate_id(true);
}
// NEW MODIFIED CODE
session_start();

if (isset($_SESSION["logged_in"])) {

$_SESSION = array();

if (ini_get("session.use_cookies")) {
    $params = session_get_cookie_params();
    setcookie(session_name(), '', time() - 42000,
        $params["path"], $params["domain"],
        $params["secure"], $params["httponly"]
    );
}

session_destroy();

header("Location: ../index.php");
die();
} else {
header("Location: ../online.php");
die();
}

I use this class.

The code from the class should ensure and protect against hijacking and capture and fixation.

I have generated a session with this code from the above link, and I want to logout properly.

I tried print_r() out all $_SESSION data, and it was empty after I ran my logout code.

Is my logout secure enough?

OBS:: This system I'm making is not for some big company with a huge big mega need for security, but the basics should be implemented.

\$\endgroup\$
1
  • 1
    \$\begingroup\$ die() is usually used to indicate an error, I would use exit; instead. \$\endgroup\$ Commented Aug 30, 2013 at 10:27

1 Answer 1

Reset to default
3
\$\begingroup\$

looks alright enough. i would change is replace all those unset() lines with just $_SESSION = array();

and check the manual, it has a sample to clear your session cookies if you have them enabled.

\$\endgroup\$
3
  • \$\begingroup\$ Thanks for your answer. So basicly i can just use the code efrom your link, and if i have session cookies enabled they will get deleted? \$\endgroup\$ Commented Aug 30, 2013 at 9:45
  • \$\begingroup\$ I change my unset() with $_SESSION = array(); \$\endgroup\$ Commented Aug 30, 2013 at 9:48
  • \$\begingroup\$ I modified my code in my original question.. any comments on it? \$\endgroup\$ Commented Aug 30, 2013 at 10:11

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.