Now that we have checked how protected content works, it's time to script the logout operation. The logout operation is contained in the script called logout.php. The script calls the session_destroy() function, which kills the session cookie and clears the session variables. The logout screen is shown in. The following is what the logout script looks like: We might test whether the session was really terminated by calling the status.php file to check whether the name or the ID are still available. Figure 9 shows the message that the session is invalid. The name and ID are not available after destroying the session. Hence, including status.php at the beginning of each protected page ensures access is only possible after proper login, otherwise all other requests to the URL get terminated at the beginning itself.

Name: Log out Operation.jpg Views: 28 Size: 67.1 KB