On my page I have a session being created which can be accessed and called fine usually. However, I am adding a logout button which links to logout.php which only contains the lines
session_unset();
session_destroy();
Noting out the session_destroy, I've noticed that there is no error, but nothing happens to the current session. However, session_destroy is giving the following error. Similar questions show that this is because people have not called session start, but the session has been started in my login.php
You got error in your logout.php page. You wrote only two lines but try to add one line at the top of the page in your PHP scope.
session_start();
session_destroy();
It will work...!!!
Related
When the user logs in, multiple session variable are created and work perfectly.
When they sign out and log in again it works.
However, when someone quits out of their browser without signing out, the next time they log in no session variables are created.
To sign out, one goes to my logout.php file. The code in my logout.php file is:
<?php
session_start();
session_destroy();
echo '<meta http-equiv="refresh" content=".000001;url=index.php">';
?>
I've tried pasting the code at the start of my index.php (where the login form is) but it doesn't work unless you go to the logout.php file.
Why is this and how do i fix it?
There are some possible situations:
First and main reason:
If you have already started session_start(), server may be dump error, while you trying to create new, if your errors are off, you can't see them.
Second: You do check before session destroy.
You are destroying the session before you are making sure that no session variables remain.
I would delete all of the session variables first before you destroy it, to be safe, because sometimes some get left behind. You can do this like so
if (isset($_SESSION['/*whatever session variables you are using*/'])) {
$_SESSION = array();
session_destroy();
}
Also if you are using any cookies for any reason (though this may not be the case), you need to make sure those are also deleted. something like this:
if (isset($_COOKIE[session_name()])) {
setcookie(session_name(),'',time() - 3600);
}
Basically none of my scripts work without a session regeneration check at the top of the file, this is very strange because I've never had this issue before and I have no idea why it would force me to run this code. Below is my logout, then below that is what I have to put at the top of every single file that touches the sessions in order to make it work. Any ideas on what is wrong?
Logout:
require_once("../Core/Core.php");
if(!isset($_SESSION['LoggedIn']))
Core::ThrowError(13,"",1);
session_destroy();
header("Location: " . Core::$url);
Required to make it work: (Also I'm putting this on every page that the user views (so no things like login script page) )
<?
session_start();
if(!isset($_SESSION['started']))
{
session_regenerate_id();
$_SESSION['started'] = true;
}
?>
Update 1:
After adding session_start() above where I add data to variables I'm now able to put data into the session (Although the session was already started because it's started before you even view the login page) but when I call session_destroy() it returns false as if the session doesn't exist, but then I put session_start() above the session_destroy() and it works fine! This is really dumb whatever it is... Please help.
Update 2:
It appears I can only access session data if I put session_start() before trying to access it even if the session is already stated.
Okay I managed to fix it, I didn't know that "To use cookie-based sessions, session_start() must be called before outputing anything to the browser." so to fix it I put session_start() in the core which is required by everything so everything would call it before trying to access the sessions.
I am writing a script which is supposed to end a session for a user, and log them out of the system, thus returning them to the login page.
My logout script looks like this:
<?php
$_SESSION['signin'] = null;
session_destroy();
header("Location: /test/index.php");
?>
Initially I reset the signin variable that way even if the session isn't destroyed the variable should have at least changed so that the system believes the user is logged out.
And at the top of my login page I have a condition to forward them to the home page if they are already logged in, that way that can't visit the log in page once already logged in. This portion looks like this:
<?php
session_start();
if($_SESSION['signin'] == 5)
{
header("Location: /test/home.php");
}
?>
So in short, when someone is logged in, and clicks the link to logout it utilizes the first code block to log out, and then is forwarded to the page containing the second blcok of code.
However, this page still forwards me back to the home page, believing the user is still signed in and thus I'm guessing the signin variable was not reset.
Thoughts on how to solve my issue?
session_destroy() does not unset any of the global variables within the session. Simply using:
session_unset();
to unset all global variables, or to only unset the specified variable, use:
unset($_SESSION['signin']);
You can try something like this.
session_unset()
you don't have to use
$_SESSION['signin'] = null;
using session_destroy(); should be enough
and I don't exactly know the deep stuff of PHP, but if you set a $_SESSION variable to NULL, PHP could read it as it is set to NULL which means 'it is set'? (don't know for sure though)
In this case, if you want to destroy a variable, you could do this:
Have a page named logout.php and whenever the user needs to logout, redirect him/her to that page. Now, inside that page you'll put the following, and here I'll explain you what this does:
<?php
session_start(); //Initializes the session
unset($_SESSION['thenameofyoursession']); //This unsets a specific session, so the user is logged out, in this case it would unset "thenameofyoursession".
$URL="/test/home.php"; //This is the redirect URL
header ("Location: $URL"); //This basically will send the user back to the redirect URL using header.
die(); //terminates the PHP script from running
?>
With that you should be fine.
Your procedure is fairly obvious and similar to one that we use, however, it would be best to unset() the entire session if nothing in it is valid. -- If they aren't logged in, no session variables should exist.
My logout.php script includes this:
session_start();
session_register("loginMessage");
session_unregister("authenticatedUser");
session_destroy();
// relocate back to login page
header("Location: /");
Which works. session_unset() is historically redundant.
Hope this helps.
My website doesn't start a session when I visit, I don't know why but my website works like this:
<?php
session_start();
$title = "Home";
include("include/header.php");
include("include/functions.php");
?>
...HTML stuff here...
<?php
include("footer.php");
?>
But when I check with Cookies (add-on for Firefox) there are no sessions started... I used session_regenerate_id(); but it doesn't work at all.
It fails to log in since there are no sessions, I do not have any session_destroy() in my website, only in the logout.
But funny thing is, when I login (without refreshing or navigating just yet) and then click on the logout button, there is a session on my website, then when I log in again, it tells me that I am logged in BUT if I login and navigate or refresh, it doesn't tell me that I'm logged in since there are no sessions...
Logout:
<?php
session_start();
session_destroy();
setcookie("cookie-name", "", time()-60, "", "", 0);
header("Location: ../index.php");
exit;
?>
What do I do?
You must have session_start() at the beginning of every file that is being accessed and uses sessions. The name is misleading, session_start() actually doesn't start a new session but initialzes PHP session menagment.
Not sure if it's related, but there was a strange PHP quirk that required the SESSION_START() to be on the line immediately below the <?php tag. Something about whitespace and extra things above the session used to make it go haywire for me. I've been using Zend of late, which avoids that issue with its own session handling system.
You might try doing a print_r($_SESSION) to see if there's anything in the session array at all.
It's probably because you are not setting a session in either of the examples you have given, you have to have a line like the one below to actually create a session, and then to access the session variables on all subsequent pages you need session_start();
$_SESSION['example'] = 'something';
It doesn't look like your setting anything in the session or the cookie.
If you want to pass information around in the session you'll need to assign the necessary values in the $_SESSION variable.
For example on your main page you can do:
<?php
session_start();
$_SESSION['myVariable'] = "my text";
?>
And then on any subsequent pages you can access the variable you've set.
<?php
session_start();
echo $_SESSION['myVariable']; //This will print "my text"
?>
I am using the following code to invalidate the session. I have linked to logout.php in many pages. If that logout link is clicked the logout.php page is called. The following is the code in logout.php.
unset($_SESSION['admin']);
session_destroy();
header('Location: index.php');
Once the session is invalidated I want to open the page index.php.
But I am geting the following error:
Warning: session_destroy() [function.session-destroy]: Trying to destroy uninitialized session in C:\xampp\htdocs\Selection\logout.php on line 3
Warning: Cannot modify header information - headers already sent by (output started at C:\xampp\htdocs\Selection\logout.php:3) in C:\xampp\htdocs\Selection\logout.php on line 4
What is wrong?
I think that you can't have called the session_start() function before destroy the session.
You`ll need to call session_start() on top of the page to remind php that this pagecall belongs to the session. - At least PHP manual tells that.
The notes on that manual page give hint, that session_unset() is only to be used in older environments that are not using $_SESSION variable.
You have to open the session first:
header('Location: index.php');
session_start();
session_unset();
session_destroy();
The problem is that you can't destroy a session which hasn't been started. That is then raising a warning which is being echoed to the browser. The next problem is that you can't send headers after there's been output to the browser, so it raises another warning.
You just need to check if a session exists first:
if (session_name() != '') {
session_destroy();
}
You must ALWAYS use session_start(); BEFORE using a session function/variable. So start all PHP files with session_start();. Also logout.php:
session_start();
session_destroy();
header('Location: index.php');
You also don't need to unset it.