
pro_php thread: Session Security - Terminating Sessions


Message #1 by "rene solis" <rsolis@g...> on Thu, 6 Jun 2002 07:39:13
Guys,
I have always had bugs with destroying or unregistering sessions so I
find it easier to just delete the appropriate session file. This file
usually sits in a directory on the server (like /tmp or C:\temp). Here
is some example code that works perfectly to destroy a session:

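// session_id() returns the current session's ID once session_start() has run;
// $PHPSESSID only exists as a global when register_globals is enabled.
$session_file = session_save_path().'/sess_'.session_id();

// Remove the session's data file if it is present.
if (file_exists($session_file))
{
	unlink($session_file);
}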

session_save_path() is one of the many PHP environment variables that
gets set in the php.ini file.

Hope this helps.

Nasser ;)	

-----Original Message-----
From: Paul [mailto:paul@d...] 
Sent: 06 June 2002 07:48
To: professional php
Subject: [pro_php] Re: Session Security - Terminating Sessions


What if you destroy the entire session?


rene solis wrote:

>When the user logs out of the backend application I use
>
>session_unregister("userid"); session_unregister("userpassword");
>
>to terminate the session and make the content no longer available.
>
>The problem is that when they click back the browser shows that the page
>was expired.  That's ok, but when they refresh, the browser prompts to 
>retry sending the data, and then it shows the content.
>
>I already tried opening new browser windows and all those javascript
>tricks.
>
>I want it to be like my web based email.  When I logout, even if I press
>the back button a million times, it won't let me back in my inbox or last
>page I was viewing.
>
>Can somebody please help me?
>
>Rene
>






