i would like to ask something..
regarding session().. i am currently using session() for a library tracking system for my project. there can be more than one user using the system. yet, if either one of the users logout(i'm using session_destroy() to destroy the session), all the other users session will be expired. n they have to relogin to navigate thru the system.
i was thinking of using the session_unregister() but it seems like it still allows the user to go back to the previous page and use the system.
Sessions depend on a timeout value to expire. The default for most sessions is 20mins, this can be altered in the php.ini file or via the webserver software. Combine sessions with a page expiry and the user will not be allowed to move back hru past pages. You can use session_unregister when the user logs out, but its kinda done automatically when the session times out
Hm..to give a more detail situation..
as for the system i'm developing, after the session_start() on every page, i'll check the session registered...
//the rest of the code
this actually to ensure that if the user has signed out or logged off, perhaps they can click on the back button on the menu bar, but as they click on the links in the webpage, they will automatically link to the pageexpired.php...i make like this bcoz i'm not sure how to enable the back button after a user has logoff.
and if i use the session_unregister(), it seems that the 'user-id' is still registered in the session. This is told by the accessability that the user still has even after clicking the 'logoff' button. Do you have any idea what setting(s) went wrong?..
Btw, i'll try to minimize the timeout value for the session. Will c n inform the result from it.