PHP session_start revives previous session variables

I've got a problem with session_start() function.
This is the first time I've run into this problem. I have a few session variables. When I open the logout.php file, the session is destroyed. But then, when I call session_start(), all the previous session variables "revive".
logout.php
session_destroy();
header('Location: login.php');
Even when I delete all the $_SESSION data manually like:
$_SESSION = array();
those variables are still there after calling session_start();
I have no idea why session_start works like that.
I hope you can help me, thanks in advance!

Related

getting session variable even after session destroy

I am a newbie in PHP. I cannot understand why a session variable is still output even after session_destroy() and session_unset(). Here is my simple test code:
`session_start();
$_SESSION['name']='sovon';
session_destroy();
session_unset($_SESSION['name']);
echo $_SESSION['name'];
`
The output is 'sovon'. My question: what are session_destroy() and session_unset() doing here, and what's the difference between them?
Oh! When I delete session_destroy(), that variable gets unset. Why?
I got it, faisal: session_destroy destroys the session if it's created in other pages. If the session variable was created on the same page, then it will remain. The best practice is to null the session variable after session_destroy: $_SESSION = NULL;
This is what I use in logout:
session_start();
session_destroy();
$_SESSION = NULL;
header('Location: Login.php');
I think this will help you.
Perhaps it's easier if you read the PHP manual.
session_destroy()
session_destroy() destroys all of the data associated with the current
session. It does not unset any of the global variables associated with
the session, or unset the session cookie. To use the session variables
again, session_start() has to be called.
So if you want to unset the data inside, you have to unset it.
unset($_SESSION);
Session unset...
session_unset()
deletes all variables and leaves the session_id. But session_unset has no parameters.
What you are looking for is
unset($_SESSION['name']);
The following works perfectly in all browsers to kill and destroy and unset all session info. Perfect to put it in sign-out file.
<?php
session_start();
session_unset();
session_destroy();
session_write_close();
setcookie(session_name(),'',0,'/');
session_regenerate_id(true);
?>
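The behaviour discussed in this thread can be reproduced from the command line. The script below is an added demonstration, not code from any of the posts; it assumes the default file-based session handler with session.use_strict_mode off, and it simulates three requests by re-attaching to the same session ID.

```php
<?php
// Added demonstration (not from the original posts). Run with: php demo.php
// Assumes the file session handler and session.use_strict_mode = 0 (PHP defaults).
ini_set('session.use_cookies', '0');   // CLI: there are no cookie headers to send
ini_set('session.cache_limiter', '');  // CLI: no cache headers either
session_save_path(sys_get_temp_dir());

$log = [];

// Request 1: create a session and store a value.
session_start();
$id = session_id();
$_SESSION['name'] = 'sovon';
session_write_close();                 // the data now lives in the session file

// Request 2: a "logout" that only calls session_destroy().
session_id($id);
session_start();                       // reloads $_SESSION from storage
session_destroy();                     // removes the stored data ...
$log['after_destroy'] = $_SESSION['name'] ?? null;  // ... but not the array in memory
$_SESSION = [];                        // clearing the in-memory copy is a separate step
$log['after_clear'] = $_SESSION['name'] ?? null;

// Request 3: the browser presents the old session ID again.
session_id($id);
session_start();                       // nothing is stored under that ID any more
$log['next_request'] = $_SESSION;
session_destroy();                     // remove the empty file this step created

var_export($log);
```

The value survives session_destroy() only inside the request that called it; the later request that presents the same ID starts from an empty array.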

How to completely destroy session variables on logout

When I log a user out of an app I am building I use session_destroy();
But when I go back to the page, all session variables are still set.
How can I completely destroy all session variables and ultimately require a user to log back in again?
Here is my code:
session_unset(); // clears all session variables
$_SESSION = array();
session_destroy(); // deletes session id
Thanks
After using session_destroy(), the session cookie is removed and the session is no longer stored on the server. The values in $_SESSION may still be available, but they will not be on the next page load.
If you need to clear the values of $_SESSION, set the array equal to an empty array:
Of course, you can't access the values of $_SESSION on another page once you call session_destroy, so it doesn't matter that much. Still, if you are concerned, try the following:
session_destroy();
$_SESSION = array(); // Clears the $_SESSION variable
You are not calling session_destroy() for sure; your code may be unable to access it.
Post more code so we can help you.

PHP $_SESSION variable will not unset

Sorry for the repetitive question; I've seen a few of these on this forum, but none of the responses worked for me...
I am building a basic login using PHP sessions, which I'm new at...
login.php validates the HTML login form and begins a session, setting the variables $_SESSION['login'] and $_SESSION['id'],
then each page that requires a valid login uses require 'session.php'; which checks the $_SESSION['valid'] variable and redirects a user w/o the proper login variable. The problem is that when I log out, neither session variable I've set will unset.
Right now my logout.php file uses about every method to destroy the variables that I've been able to find online and none will actually do it.
So whenever I log out, I can still access the 'private' pages.
Also note: I have tried it w/o a session name ex: session_start(); that didn't work so now I'm using session_start("user");
Also note: I am NOT using cookies.
Here are the files I mentioned:
login.php
$email = $_POST['email-log'];
$pass = $_POST['password-log'];
$i = -1;
do {
    $i++;
    $path = "users/".$i.".json";
    $file = file_get_contents($path);
    $x = json_decode($file, true);
} while ($x['email'] != $email);
$id = $i;
$truepass = $x['pass'];
$errors = 0;
$hash = hash('sha256', $pass);
if ($hash != $truepass) { $errors = $errors + 1; }
if ($errors == 0) {
    session_start("user");
    $_SESSION['login'] = "valid";
    $_SESSION['id'] = $id;
    header('Location: loginlanding.php');
} else {
    header('Location: front.php?error=y');
}
session.php
session_start("user");
if ($_SESSION['login'] !== "valid") {
    header('Location: front.php?needto=login');
}
logout.php
unset($_SESSION);
unset($_SESSION['login']);
unset($_SESSION['id']);
session_unset("user");
$_SESSION = array();
session_destroy("user");
header('Location: front.php?logged=out');
Any and all responses are welcome and I thank you in advance, also note, I am new to logins in general so any advice to beef up security is welcome also. I'm planning on making it more secure, but first I need to get this basic functionality up and running.
You should never unset($_SESSION).
The easiest way to clear the $_SESSION variable is $_SESSION = Array();
However, you can also iterate with unset:
foreach(array_keys($_SESSION) as $k) unset($_SESSION[$k]);
It's amazing how many things you're attempting to do after you've unset the only reference you had to the session in the first place. Directly from the manual:
Caution
Do NOT unset the whole $_SESSION with unset($_SESSION) as this will disable the registering of session variables through the $_SESSION superglobal.
http://php.net/manual/en/function.session-unset.php
You're unsetting $_SESSION, so your unsets to the other arrays of the superglobal $_SESSION aren't registering, leaving them still in the browser's temporary cookies. Use session_unset() instead if you're trying to remove all session variables. Otherwise, don't unset the session global, but unset each individual value of it you want to remove.
My working example (notice that you must put start on the call)
<?php
session_start();
session_unset();
session_destroy();
header('location: ./');
?>
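The points raised in the two threads above (attach to the session before touching it, clear $_SESSION rather than unsetting it, expire the cookie, destroy the stored data) fit in one small helper, together with an exit after each redirect so a private page stops rendering. This is an added example, not code from any of the posts: the function names are hypothetical, front.php comes from the question, and cookie-based sessions (the PHP default) are assumed.

```php
<?php
// auth.php: added example, not code from the posts above.
// Function names are hypothetical; front.php is the page named in the question.

function start_session(): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
}

// Call once the password check has succeeded.
function mark_logged_in(int $userId): void
{
    start_session();
    session_regenerate_id(true);   // fresh ID at login; the old session data is deleted
    $_SESSION['login'] = 'valid';
    $_SESSION['id'] = $userId;
}

// Call at the top of every private page.
function require_login(): void
{
    start_session();
    if (($_SESSION['login'] ?? null) !== 'valid') {
        header('Location: front.php?needto=login');
        exit;                      // without exit the rest of the page still runs
    }
}

function logout(): void
{
    start_session();               // a session must be active before it can be destroyed
    $_SESSION = [];                // clear the in-memory copy; never unset($_SESSION)
    if (ini_get('session.use_cookies')) {
        $p = session_get_cookie_params();
        // Expire the session cookie with the same scope it was issued with.
        setcookie(session_name(), '', time() - 42000,
            $p['path'], $p['domain'], $p['secure'], $p['httponly']);
    }
    session_destroy();             // delete the server-side session data
    header('Location: front.php?logged=out');
    exit;
}
```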

$_SESSION is registering but cleaning after that

I'm using $_SESSION to create a login system. It worked before, but I modified something, because now it doesn't work...
In login.php, I get the values with $_POST:
$_SESSION['id'] = $_POST['id'];
and afterwards I redirect with a header ( Header("Location: panel.php"); ), checking whether some $_SESSION['id'] exists:
if(isset($_SESSION['id']))
When redirected to this page, the value in $_SESSION is empty...
I'm not using session_destroy to do that. Can someone help me?
PS: I call session_start() on every page, including panel.php.
You have to initialize the session on each PHP page with session_start().
Put session_start() at the top of each PHP page where you want to use session variables; otherwise the session variables won't work.

PHP session problems

I am using the following code to invalidate the session. I have linked to logout.php in many pages. If that logout link is clicked the logout.php page is called. The following is the code in logout.php.
unset($_SESSION['admin']);
session_destroy();
header('Location: index.php');
Once the session is invalidated I want to open the page index.php.
But I am getting the following error:
Warning: session_destroy() [function.session-destroy]: Trying to destroy uninitialized session in C:\xampp\htdocs\Selection\logout.php on line 3
Warning: Cannot modify header information - headers already sent by (output started at C:\xampp\htdocs\Selection\logout.php:3) in C:\xampp\htdocs\Selection\logout.php on line 4
What is wrong?
I think that you can't have called the session_start() function before destroying the session.
You'll need to call session_start() at the top of the page to remind PHP that this page call belongs to the session. At least the PHP manual says so.
The notes on that manual page give a hint that session_unset() is only to be used in older environments that are not using the $_SESSION variable.
You have to open the session first:
header('Location: index.php');
session_start();
session_unset();
session_destroy();
The problem is that you can't destroy a session which hasn't been started. That is then raising a warning which is being echoed to the browser. The next problem is that you can't send headers after there's been output to the browser, so it raises another warning.
You just need to check if a session exists first:
if (session_name() != '') {
session_destroy();
}
You must ALWAYS use session_start(); BEFORE using a session function/variable. So start all PHP files with session_start();. Also logout.php:
session_start();
session_destroy();
header('Location: index.php');
You also don't need to unset it.
