Hello Brian,
Thursday, March 4, 2004, 1:08:47 AM, you wrote:
BD> I have a site with two limitations, neither of which can be changed:
BD> 1. The http and https servers are on different domains.
BD> 2. There are lots of non-PHP pages so session management requires
BD> cookies.
BD> Can anyone think of a way to kill the sessions on a single page? When
BD> the transaction is completed and the page says "Thank you," I'd like
BD> the session to be already dead on both servers so it doesn't matter
BD> where they click, they can't reactivate the previous session.
You can't do it with a single script, however it CAN be done on a
"single page". See below:
logout.html
blah blah, <a href="xt_logout.php">click here to logout</a>
xt_logout.php
// destroy your cookies for the first domain here
Header("Location: https://www.domain2.com/xt_logout_ssl.php";);
exit;
xt_logout_ssl.php
// destroy your cookies for the SSL domain here
Header("Location: http://www.domain1.com/logged_out.php";);
logged_out.php
Thank you, you have now logged out (etc etc).
Because you are using a Header redirect from one script to another the
site visitor will NEVER see this - it happens "behind" the scenes so
you can walk around your sites cleaning up the cookies as you need and
finally dumping the user back onto a friendly logged-out page.
--
Best regards,
Richard Davey
http://www.phpcommunity.org/wiki/296.html
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
