I am working on a 3rd party PHP server that does the following:
When a user logs in:

    ini_set("session.name","APPSESSID");
    session_start();

When a user logs out:

    unset( $_SESSION['user'] );
    unset( $user );
    session_destroy();

The problem is that on logout, APPSESSID is not actually deleted at the client browser. It gets a different value on logout (it seems it becomes what is known as an anonymous cookie).
This is causing problems because I have a web sockets API that is checking if the UA sends the APPSESSID cookie in its connect request, and this cookie is being sent by the client even after it logs out of the PHP app, as the cookie doesn't really get deleted, just rewritten.
How do I ensure the cookie is actually deleted on logout?
Thanks
As the documentation says:
If a cookie is used to propagate the session id (default behavior), then the session cookie must be deleted. setcookie() may be used for that.

    if (ini_get("session.use_cookies")) {
        $params = session_get_cookie_params();
        setcookie(session_name(), '', time() - 42000,
            $params["path"], $params["domain"],
            $params["secure"], $params["httponly"]
        );
    }
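
A complete logout routine built around the snippet above, as an added example that is not part of the original answer: it clears the session data, expires the cookie with the same attributes it was set with, and destroys the server-side session. The function names and the `APP_SESSION_NAME` constant are hypothetical, and the array form of `setcookie()` assumes PHP 7.3 or later.

```php
<?php
// Added example: names below are hypothetical, not from the original app.
const APP_SESSION_NAME = 'APPSESSID'; // session name used in the question

function app_session_start(): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_name(APP_SESSION_NAME); // must be set before session_start()
        session_start();
    }
}

function app_logout(): void
{
    // The session must be active so that session_destroy() removes
    // the data belonging to the ID the browser sent.
    app_session_start();
    $_SESSION = []; // drop all session variables for this request

    if (ini_get('session.use_cookies')) {
        $p = session_get_cookie_params();
        // Path and domain must match the original cookie, otherwise the
        // browser treats this as a different cookie and keeps the old one.
        $options = [
            'expires'  => time() - 42000,
            'path'     => $p['path'],
            'domain'   => $p['domain'],
            'secure'   => $p['secure'],
            'httponly' => $p['httponly'],
        ];
        if (!empty($p['samesite'])) {
            $options['samesite'] = $p['samesite'];
        }
        setcookie(session_name(), '', $options);
    }

    session_destroy(); // delete the server-side session data
}

// Server-side check: an authenticated session has a 'user' entry,
// as in the question's login/logout code.
function app_is_logged_in(): bool
{
    app_session_start();
    return isset($_SESSION['user']);
}
```

Any later request that calls `session_start()` without a cookie is issued a fresh, empty session and a new `APPSESSID` cookie, so an endpoint that shares this session should test `app_is_logged_in()` rather than whether the cookie is present.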