Page 1 of 1

Logout user from a text database

Posted: Fri Jun 16, 2017 8:48 pm
by Aris
Hi.

I have a text database on my server.

When a user choose to log out,

1. His/her information remain on the database?
2. If the answer to the question 1 is YES, this means that I must delete this information by hand?
3. If the answer to the question 1 is NO, when or how it will be deleted?

I would wish the user information to be deleted automatically...
Is there some other choice?

Thank you.

Re: Logout user from a text database

Posted: Fri Jun 16, 2017 8:57 pm
by Pablo
1. His/her information remain on the database?
Yes
2. If the answer to the question 1 is YES, this means that I must delete this information by hand?
No. Why?
3. If the answer to the question 1 is NO, when or how it will be deleted?
The login state will not be stored in the database, only the username/password.
The login session will end as soon as the user closes the browser or when the timeout expires.
https://www.w3schools.com/php/php_sessions.asp

Re: Logout user from a text database

Posted: Fri Jun 16, 2017 9:09 pm
by Aris
Thank you, Pablo.
The login session will end as soon as the user closes the browser or when the timeout expires.
This means (if I understand well) that when the user closes the browser and he open it again, he will cannot login with the same username and password?

Re: Logout user from a text database

Posted: Sat Jun 17, 2017 4:06 am
by Biju
This means (if I understand well) that when the user closes the browser and he open it again, he will cannot login with the same username and password?
.Yes he can; since the username /password remains unchanged even if he closed the browser. See Pablo's answer below:
The login state will not be stored in the database, only the username/password.

Re: Logout user from a text database

Posted: Sat Jun 17, 2017 5:14 am
by Aris
I understand what you write, but I cannot find the solution to the problem.

Probably I I have made something wrong.

All the web pages have the extension .php

The logout page is a protected (with the lock) web page with the logout button?
Is it correct?

On the Object properties > Logout of the logout button I made a "than you page": ./logout_thank_you.php
Is it correct?

In the Page HTML of the logout page (start of page) I read the following code:

Code: Select all

<?php
if (session_id() == "")
{
   session_start();
}
if (!isset($_SESSION['username']))
{
   header('Location: #');
   exit;
}
if (isset($_SESSION['expires_by']))
{
   $expires_by = intval($_SESSION['expires_by']);
   if (time() < $expires_by)
   {
      $_SESSION['expires_by'] = time() + intval($_SESSION['expires_timeout']);
   }
   else
   {
      unset($_SESSION['username']);
      unset($_SESSION['expires_by']);
      unset($_SESSION['expires_timeout']);
      header('Location: #');
      exit;
   }
}
if ($_SERVER['REQUEST_METHOD'] == 'POST' && isset($_POST['form_name']) && $_POST['form_name'] == 'logoutform')
{
   if (session_id() == "")
   {
      session_start();
   }
   unset($_SESSION['username']);
   unset($_SESSION['fullname']);
   header('Location: ./logout_thank_you.php');
   exit;
}
?>
Do you see something wrong here?

The login session will end as soon as the user closes the browser or when the timeout expires.

I have read https://www.w3schools.com/php/php_sessions.asp, but I cannot understand whether I must change something on my page:
Last night I created a user (sign up) on my computer. I used logout. But today I can login with the same username and password.

Re: Logout user from a text database

Posted: Sat Jun 17, 2017 6:56 am
by Pablo
But today I can login with the same username and password.
Correct. Nothing is wrong. This is how it works. Why would you need a different username/password?