I have added log out functionality to my admin side. However, when the log out button is clicked, it takes me to the log in page, but the session is still active. How do I cancel out the session completely so the administrator is forced to sign in again?

Please see my attached log out file and log in file.

On the login page there is an access restriction rule:


<?php
if (!WA_Auth_RulePasses("Administrators")){
WA_Auth_RestrictAccess("ssl/admin/users_LogIn.php");
}
?>


This rule will not allow you access to the logout page unless you are logged in as the admin. If you want the logout page to logout anyone regardless of how you are logged in then you should remove this code from the top of the logout page.

Thank you for the information. However, your recommendation did not appear to work. Well, the page did redirect to my logout page; however, when I attempted to log back into the administrator back end, the page had me logged in still. I noticed that there are cookie variables attached to the admin login page. Does the user registration solution pack incorporate auto login cookies or remember me cookies into the admin log in page?

What I am ulitmately wanting is to ensure that when a person is logged out of the admin back end and they attempt to log back in again, they will be prompted to provide the user name and password code all over again. I want to remove any auto log in features.

Thank you!

On the logout page is code to unset the session variables. If the session variables are no longer set then you should be logged out. In the default URSP files the admin login does not contain any cookie references, it just works with the posted values from the admin login page.

Once you go to the logout page you should be logged out. If you are still logged in after you go to this page there must be something setting the session variables again. Please post back with a current copy of your admin login page and the logout page you are working with.

A good way to see what is in the session when you are on the login page is to use a vardump like this to see all of the values:


if(!session_id()) session_start()
print("<pre>");
var_dump($_SESSION);
print("</pre>");


You can put this in at the top of the page to see the values, this will let you know just what is in the session.

Per your request, I have attached a copy of my admin log in and log out page. Thank you for taking the time to look at my files. It would greatly appreciate if we can correct this problem.

I have added the session code to your login page, please use this version of the page to test out what values are in the session. When you first go to this page login and then go back to this page to see what is printed at the top. Once you have done this go to the logout page to logout then go back to the login page. You should see what is in the session after you logout. Please post back with all of the values that you are getting after you login and after you logout.

If there are any passwords present you can mask them.