Welcome to our Secure Development Tips blog

Every other week, we provide expert tech tips on how to build and deploy secure applications.  These best practices, derived from Security Innovation’s assessments of the worlds’ most dominant software applications,  are taken directly from our TeamMentor product, which includes more than 3,500 guidance assets and articles on secure software design, coding and testing.    

Check out our Security Innovation Blog

Recent Security Innovation Blog Post:

Anatomy of a Distributed Denial of Service (DDoS) Attack

Latest Posts

Prevent Information Disclosure in Error Messages
Serge Truth
Implement Authentication Controls to Fail Securely
Serge Truth
Hash And Salt Passwords
Serge Truth
Force Password Renewal
Serge Truth
Include Unique Tokens in HTTP Requests
Serge Truth

Subscribe by Email

Your email:

Secure Development Tips

a blog with tips relating to secure application development, from Security Innovation's eknowledge database, TeamMentor

Current Articles | RSS Feed RSS Feed

Destroy Sessions When Users Log Out

Posted by Serge Truth on Wed, Sep 19, 2012 @ 10:31 AM
  
  

Applies to

  • PHP

What to Do

Invalidate sessions when users log out.

Why

Invalidating sessions when users log out makes it harder to hijack them.

How

To invalidate sessions when users log out:

  1. Identify logout functionality. Find code that is responsible for the logout functionality.
  2. Add code to invalidate sessions. Add the following code to the logout function to invalidate the session:

session_destroy();
setcookie(session_name(), "", time() - 3600, "/");

Tags: , ,

Comments

Currently, there are no comments. Be the first to post one!
Post Comment
Name
 *
Email
 *
Website (optional)
Comment
 *

Allowed tags: <a> link, <b> bold, <i> italics