How to make a Logout Script

Hey guys. Thanks for all the previous help everyone's given me.

I have another PHP question. Okay, so I've made a PHP login script, basically it's

$username = "blah";
$password = "blah2";

$user = $_POST['username'];
$pass = $_POST['password'];

if($user == $username && $pass == $password)
{
echo "Thank you for logging in. Click to Continue" ;
}
else {
echo "Sorry Incorrect Username or Password";
die();
}
?>```


I was just wondering how you would make a logout script like this. The main reason I'm asking is because I don't know MySQL very well and I would rather code it all in PHP.
Any suggestions?

Thanks in Advanced.

Umm…just don't send the post fields? Reload the page? That's all that you can really do to logout with your function.

Ok, well I'll try that. It doesn't really matter too much I just needed some info on how to do it because Im making a system for work, but as soon as my supervisor comes back I will be using MySQL on it :)

Thanks anyways japanesedude

Normally PHP sites use sessions to keep you logged in, then when you want to log out you destroy the session.

http://uk2.php.net/session

Ok cool. So as they login I set the session and as they hit 'logout' i session_destroy it?

Also, a question on that, which is better: session_destroy(); or unset($_SESSION[]); ?

DarkMantis wrote: Also, a question on that, which is better: session_destroy(); or unset($_SESSION[]); ? It depends on exactly what you want to achieve. If there are other session variables that you want to maintain (maybe traffic specifics or something), just unset the session variables associated with a logged-in state. Otherwise, just session_destroy(); it's short and sweet.

Also, a mistake a lot of people make with sessions is forgetting to put session_start() at the top of all the pages that they use sessions on. It's not necessary to put it at the top of all pages; the sessions will persist normally with or without it. You only use session_start() if you're going to access / set session vars.