The logout script is responsible for ending a session that the user starts when he or she is logged in. It has the following code:

<?php

session_start();

if(isset($_SESSION['uname'])) {

session_unset();

session_destroy();

header("location:login.php" );

exit();

}

else{

if(!isset($_SESSION['uname'])) {

//the session variable isn't registered, the user shouldn't even be on this page

header("location:login.php" );

exit();

}

}

?>

It ends sessions in the following way. First, it checks to see if the username session variable is set after opening the session by calling the session_start() function:

<?php

session_start();

Then the username check is carried out:

if(isset($_SESSION['uname'])) {

Next, the session_unset() function is called. This function essentially resets the session array:

session_unset();

At this point, the session_destroy() functions are called to end the session:

session_destroy();

The session_destroy() function essentially removes the session data from the server, where it is stored in temporary files. Once the session has been destroyed, the user is redirected to the login page:

header("location:login.php" );

exit();

}

If the username session variable is not set, then the user is also redirected to the login page, since he or she does not have the right to be on the page in the first place: 

else{

if(!isset($_SESSION['uname'])) {

//the session variable isn't registered, the user shouldn't even be on this page

header("location:login.php" );

exit();

}

}

?>

In the next article, we will take a close look at the login page and the script behind this essential function. See you next week!