
I've been reading the security issue on logging out from a website system written in PHP, using sessions.

My current code is:

    session_start();
    if (isset($_SESSION["logged_in"])) {
        unset($_SESSION["logged_in"]);
        unset($_SESSION["ss_fprint"]);
        unset($_SESSION["alive"]);
        session_destroy();
        session_regenerate_id(true);
    }

    // NEW MODIFIED CODE
    session_start();
    if (isset($_SESSION["logged_in"])) {
        $_SESSION = array();
        if (ini_get("session.use_cookies")) {
            $params = session_get_cookie_params();
            setcookie(session_name(), '', time() - 42000,
                $params["path"], $params["domain"],
                $params["secure"], $params["httponly"]
            );
        }
        session_destroy();
        header("Location: ../index.php");
        die();
    } else {
        header("Location: ../online.php");
        die();
    }

I use this class.

The code from the class should ensure and protect against hijacking and capture and fixation.

I have generated a session with this code from the above link, and I want to logout properly.

I tried printing out all $_SESSION data with print_r(), and it was empty after I ran my logout code.

Is my logout secure enough?

Note: This system I'm making is not for some big company with a huge big mega need for security, but the basics should be implemented.

Jamal
asked Aug 30, 2013 at 9:33
  • die() is usually used to indicate an error, I would use exit; instead. Commented Aug 30, 2013 at 10:27

1 Answer


Looks alright enough. What I would change is to replace all those unset() lines with just $_SESSION = array();

And check the manual, it has a sample to clear your session cookies if you have them enabled.

answered Aug 30, 2013 at 9:38
  • Thanks for your answer. So basically I can just use the code from your link, and if I have session cookies enabled they will get deleted? Commented Aug 30, 2013 at 9:45
  • I changed my unset() to $_SESSION = array(); Commented Aug 30, 2013 at 9:48
  • I modified my code in my original question. Any comments on it? Commented Aug 30, 2013 at 10:11
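
The logout steps discussed in this thread, collected into one function together with a check that the pre-logout session ID no longer carries login state. This is an added example, not code from the question, the answer, or the linked class. The names `destroy_login_session()` and `old_id_is_dead()` are hypothetical, PHP 7.3+ is assumed (array form of `setcookie()`), and the self-check simulates the login, logout and replay requests inside one CLI process.

```php
<?php
// Added example; function names are hypothetical. Assumes PHP 7.3+.

function destroy_login_session(): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    $_SESSION = [];                          // drop all variables at once
    if (ini_get('session.use_cookies')) {    // expire the browser's cookie
        $p = session_get_cookie_params();
        $opts = [
            'expires'  => time() - 42000,
            'path'     => $p['path'],
            'domain'   => $p['domain'],
            'secure'   => $p['secure'],
            'httponly' => $p['httponly'],
        ];
        if (!empty($p['samesite'])) { $opts['samesite'] = $p['samesite']; }
        setcookie(session_name(), '', $opts);
    }
    // Delete the server-side data last. Do not call session_regenerate_id()
    // after this: there is no active session left to give a new ID to.
    session_destroy();
}

// Self-check for the CLI (php thisfile.php): replay the pre-logout ID.
function old_id_is_dead(): bool
{
    session_save_path(sys_get_temp_dir());
    session_start();
    $_SESSION['logged_in'] = true;           // constructed "logged in" state
    $oldId = session_id();
    session_write_close();                   // end of the "login" request
    session_id($oldId);                      // the "logout" request
    session_start();
    destroy_login_session();
    session_id($oldId);                      // a replayed copy of the old cookie
    session_start();
    $dead = !isset($_SESSION['logged_in']);
    session_destroy();                       // clean up the test session
    return $dead;
}

if (PHP_SAPI === 'cli') {
    echo old_id_is_dead() ? "old session ID carries no login state\n" : "STILL LOGGED IN\n";
}
```

In a web request, follow the call with the `header("Location: ...")` redirect and `exit;` as in the question's modified code.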
