I am trying to figure out the proper way to completely log out any current Users.
I have a Registration Form, and before I start working with the $_SESSION variable for the person registering on my website, I want to be 100% certain that any $_SESSION variables on the server or any Session Cookies that might be leftover on the current User’s computer are erased, so nothing gets cross-pollinated!!
I have been looking at the PHP Manual, but there seem to be a couple of functions and approaches, and I’m not sure what the correct way to do things is?!
(Security and privacy are really important to me, and since my website will also have an e-commerce module, I need to make sure I understand the right way to go about logging out Members so no one gets hurt!!)
All you should need to do is just destroy the session. If the browser can’t find the session ID on the server, the browser can’t do anything with a session (and session token) that no longer exists.
I’m just curious, I know my registration system a new user doesn’t get his/her information placed into $_SESSION[‘user’], so that person isn’t logged into the system in the first place.