Thread

I am having an issue with a non-super admin logged in as a member logging out…when they do so the session id still remains in the url and they “are” still logged in. Is there a way to clear the session id on logout?

I have the following settings in the admin:
Admin > System Preferences > Security and Session Preferences

User Session Type: Session ID only.

Here’s my template code:

<h1>
   <a href="http://{homepage}id=logo">Website name_     <!--/img/logo.png-->_   </a>
</h1> 

   {!--{if logged_in}
   <ul id="home-btn">
    <li><a href="http://{homepage}">Back to home</a></li>
   </ul>
   {/if}--}

<ul id="main-nav">
   {if logged_in}
   {exp:member:custom_profile_data}
     <li><a href="http://">Welcome, {name}</a></li>
     <li> |</li>
     <li><a href="http://{path=access/}">Sign-out</a></li>
     <li>|</li>
   {/exp:member:custom_profile_data}
   {/if}
   {if logged_out}
   
    <li><a href="/access/register/%22class=%22active" title="Register" class="active">Register</a></li>
   {/if}
   {if segment_1 !='access'}
    <li>|</li>
    <li><a href="http://{site_url}/contact?iframe%22class=%22zoom" class="zoom">Comments + Questions</a></li>
   {/if} 
</ul>

It looks like your logout link is incorrect. It should be something like:

<a href="http://{path=logout}">Sign-out</a>

I thought logout was a template group. But looks like I mis-understood. So how do I control what the user sees when the logout? Like load the page with the login form?

Logging out will take the user to the site_url (index page).

This extension sounds like it may be useful.

Do you have a minute to explain the difference and benefits/negatives between session id and cookies?

I will try your advice soon…I am tackling lots of bugs at the moment. I might not get to it till the AM. but gos your support is very much appreciated 😊

The biggest difference is that a cookie can be stored in the users browser, and remember logins, etc. This also prevents the session_id from being in the URL.

It is generally recommended that the User Session Type is set to Cookies only.

More infor on this, can be found here.

in reference to http://ellislab.com/forums/viewthread/135091/#666633

So I could restructure the site so the login is in the site_url directory…or check out your plugin suggestion. Question: When I get the

<a href="http://{path=logout}">Sign-out</a>

working properly then the system will log me out and the user will have to log back in to see the site? even-though a cookie was set?

I will likely get to this in the AM and report back so I don’t leave you hangn’ thanks again 😊

So I could restructure the site so the login is in the site_url directory

If you wish. Most people leave a link or a login form on all pages. The extension lets you pick the particular page to redirect them to after logging out.

then the system will log me out and the user will have to log back in to see the site?

That’s correct

Just posting to update that I would consider my situation resolved. (http://ellislab.com/forums/viewthread/94551/P36/#666920)

I am now using the extension Redirect After Login and it has solved all my issues. Very nice work. Hope EE 2 addresses this issue and/or twomile ports it over.

Thanks for the support 😉

Glad you have a workable solution. Don’t hesitate to post again as needed.