Unset instead of session_destroy

Ask about a PHP problem here.
Post Reply
User avatar
EcazS
Posts: 789
Joined: Fri May 06, 2011 5:29 pm

Unset instead of session_destroy

Post by EcazS »

I was working on a login form and thought I could spice things up by adding messages like "You have been logged in/out".
So the way I did this was using the header so when you logged in it would redirect you to index.php?loggedIn which would then display a notice message,
if(isset($_GET["loggedIn"])) {
     echo "<p class=\"notice\" id=\"fade_logged\"><span class=\"notice-icon\">You have been logged in</span></p>";
}
but then I realized that people can get this message up at anytime just by going to index.php?loggedIn which bothers me so I used another session called "logged" and did like this,
if(isset($_GET["loggedIn"]) && $_SESSION["logged"] === "in") {
     echo "<p class=\"notice\" id=\"fade_logged\"><span class=\"notice-icon\">You have logged in</span></p>";
     $_SESSION["logged"] = "";
}
and as you can see I set the session to nothing so you can't display the message again unless you log in again.
Obviously I set the "logged" sessions to "in" right before the header redirect.

The problem is when it comes to logging out. I can't use session_destroy in the logout page since I'm also setting a session in it (without doing unnecessary stuff).
So I thought of unset, unset($_SESSION["username"]); which seems to be working fine, I can still use isset to check if the session is set and if not redirect to the login page.

I was just wondering if this is a good way to do this kind of thing. You know, if unset is reliable and "okay" to use for this thing.


I know I'm echoing a bunch of HTML but at the moment it's just for testing stuff ;)
User avatar
jacek
Site Admin
Posts: 3262
Joined: Thu May 05, 2011 1:45 pm
Location: UK
Contact:

Re: Unset instead of session_destroy

Post by jacek »

I always use unset on session variables, and php.net recommends it here http://uk.php.net/session_unset you should be okay :D
Image
Post Reply