Logging a user out

Mex · December 08, 2014, 09:54:16 AM

Hi there

I am using a custom built website with CodeIgniter.

On my custom website there are Register Login and Logout buttons.
For the logout button, in PHP I include SSI.php and LogInOut.php and then I call Logout().

But the problem I'm getting is this:

QuoteSession verification failed. Please try logging out and back in again, and then try again.

Arantor · December 08, 2014, 09:56:00 AM

Logout() expects certain things in the URL, namely the session id like SMF has it to prevent people being logged out by other users being malicious.

Mex · December 08, 2014, 10:46:47 AM

It now works perfectly, thanks a lot.

I needed this in the URL:

Code Select

?action=logout

As well as passing the session data to JS:

Code Select


<script type="text/javascript">
		forum_sessionid = "<?php require_once 'forum/SSI.php'; global $context; echo $context['session_var'], '=', $context['session_id']; ?>";
	</script>

Ready for jQuery to run:

Code Select


$('#logout_button').click(function(){
		$.post('member/logout?actio=logout;'+forum_sessionid,
		function(data, status){
			location.reload();
		});
	});

Arantor · December 08, 2014, 10:47:41 AM

Interesting. Your application is potentially insecure.

The SMF part of it is not, however.

Mex · December 08, 2014, 10:52:31 AM

Oh

How is my application insecure?

News:

Logging a user out

Mex

Arantor

Mex

Arantor

Mex