I am new to the PHP world. Currently, its version is 5.
I'm trying to prepare a logout script.
I tried:
session_start();
unset($_SESSION["abc"]);
session_destroy();
But the session vars are still alive. I also tried this from php.net:
session_start();
$_SESSION = array();
if (ini_get("session.use_cookies")) {
    $params = session_get_cookie_params();
    setcookie(session_name(), '', time() - 42000,
        $params["path"], $params["domain"],
        $params["secure"], $params["httponly"]
    );
}
session_destroy();
Unfortunately, it's not working either.
Any help?
NOTE I already tried that and I mentioned that code in my question. So
it's not a duplicate question.
How can I fix this issue? I need guidance.
Fatal error: Uncaught TypeError: setcookie(): Argument #3 ($expires_or_options) must be of type array|int, string given in D:\xampp\htdocs\ford\logoff.php:9 Stack trace: #0 D:\xampp\htdocs\ford\logoff.php(9): setcookie('PHPSESSID', '1629284838', '/') #1 {main} thrown in D:\xampp\htdocs\ford\logoff.php on line 9
<?php
session_start();
if(isset($_SESSION["logged_in"])){
    $_SESSION =[];
    if(ini_get('session.use_cookies')){
        setcookie(session_name(),time()-15,"/");
    }
    session_destroy();
    header("Location:login.php");
}
else{
    header("Location:login.php");
}
?>
From session_destroy man page:
// Initialize the session.
// If you are using session_name("something"), don't forget it now!
session_start();
// Unset all of the session variables.
$_SESSION = array();
// If it's desired to kill the session, also delete the session cookie.
// Note: This will destroy the session, and not just the session data!
if (ini_get("session.use_cookies")) {
    $params = session_get_cookie_params();
    setcookie(session_name(), '', time() - 42000,
        $params["path"], $params["domain"],
        $params["secure"], $params["httponly"]
    );
}
// Finally, destroy the session.
session_destroy();
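The TypeError quoted above follows from the argument order: setcookie() expects the name, then the value, then the expiry, so in the failing call the timestamp lands in the value slot and "/" in the expiry slot. A complete logout using the options-array form of setcookie(), as an added example that is not part of the original posts; it assumes PHP 7.3 or later, and logout_current_session() is a hypothetical helper name:

```php
<?php
// Added example, not code from the original posts.
// Assumes PHP 7.3+ (options-array form of setcookie()).
// logout_current_session() is a hypothetical helper name.

function logout_current_session(): bool
{
    // A session has to be open before it can be cleared or destroyed;
    // without session_start() the calls below act on nothing.
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }

    // Clear the data for the rest of this request.
    $_SESSION = [];

    // Expire the browser's copy of the session ID. Argument order matters:
    // name, then value (''), then the expiry as an integer timestamp.
    if (ini_get('session.use_cookies') && !headers_sent()) {
        $params  = session_get_cookie_params();
        $options = [
            'expires'  => time() - 42000,
            'path'     => $params['path'],
            'domain'   => $params['domain'],
            'secure'   => $params['secure'],
            'httponly' => $params['httponly'],
        ];
        if (!empty($params['samesite'])) {
            $options['samesite'] = $params['samesite'];
        }
        setcookie(session_name(), '', $options);
    }

    // Delete the server-side session data.
    return session_destroy();
}

logout_current_session();
header('Location: login.php');
exit; // stop here so nothing else runs after the redirect
```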
I have 2 user levels: one is for admin_tbl and the other is for cashier_tbl; they have the same database. My problem is that when I log out either the cashier or the admin, the other one is also logged out when I refresh the page. I don't know what the problem is. I used different tables, so why does it log out both of them at the same time? Kindly help me with this problem and give me some ideas of what's wrong. Thanks!
UPDATE: That's my logout code for both cashier_tbl and admin_tbl.
This is my code for cashier_tbl:
<?php
session_start();
$_SESSION = array();
if (ini_get("session.use_cookies")){
    $params = session_get_cookie_params();
    setcookie(session_name(), '', time() - 42000,
        $params["path"], $params["domain"],
        $params["secure"], $params["httponly"]
    );
}
session_destroy();
header("Location: index.php");
?>
And this is for my admin_tbl
<?php
session_start();
$_SESSION = array();
if (ini_get("session.use_cookies")){
    $params = session_get_cookie_params();
    setcookie(session_name(), '', time() - 42000,
        $params["path"], $params["domain"],
        $params["secure"], $params["httponly"]
    );
}
session_destroy();
header("Location: index.php");
?>
Your problem is on this line:
if (isset($_SESSION['user_id']))
{
    header("Location: user_maintenance.php");
}
It redirects you to user_maintenance.php even if $_SESSION is empty. And on:
if (isset($_SESSION['user_id']))
{
    header("Location: order.php");
}
it is the same.
Here is the other, correct way.
I assumed you never set session_unset() or session_destroy() in your logout method.
Delete session_unset() and session_start(); in the first line of your code above; it's not necessary.
After checking the user login method like in your code above, start the session in your files order.php and user_maintenance.php. It would be something like this:
<?php
session_start();
// check whether the user is logged in or not
if (empty($_SESSION['login'])) {
    header('Location: user-is-not-login.php');
    exit; // stop here so the rest of the page is not rendered
}
// this area can be accessed only if the session is true.
?>
Create a logout method in the location where the session was set. Something like this:
<?php
session_start();
session_unset();   // clear the variables while the session is still active
session_destroy();
header('Location: login.php');
exit;
?>
You need to destroy the session before setting a new session.
Hope this helps.
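Both logout scripts in the question end in session_destroy() on the one PHP session the browser holds, which is why logging out one role also logs out the other, whichever table the account came from. One way to scope logout to a role, as an added example that is not from the original posts; the 'auth' session key, the role names and the helper names are assumptions:

```php
<?php
// Added example, not code from the original posts.
// The 'auth' session key, role names and helper names are assumptions.

// Call after the credentials were verified against admin_tbl or cashier_tbl.
function login_role(string $role, int $userId): void
{
    // Each role gets its own slot inside the single shared session.
    $_SESSION['auth'][$role] = $userId;
}

// Protected pages check only the slot of the role they belong to.
function is_logged_in(string $role): bool
{
    return isset($_SESSION['auth'][$role]);
}

// Returns true when the whole session was destroyed, false when another
// role is still logged in and the session was kept.
function logout_role(string $role): bool
{
    unset($_SESSION['auth'][$role]);

    if (!empty($_SESSION['auth'])) {
        return false; // leave the other role's login untouched
    }

    // Last role gone: now the session itself can be removed.
    $_SESSION = [];
    return session_destroy();
}

session_start();
login_role('admin', 3);     // constructed sample user IDs
login_role('cashier', 7);
$destroyed = logout_role('cashier');
printf(
    "session destroyed: %s, admin still logged in: %s\n",
    var_export($destroyed, true),
    var_export(is_logged_in('admin'), true)
);
```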
Here is the code where the user is logged in. I cannot seem to be able to log out when I log in with 'remember me' not active...
while($user = $stmt->fetch(PDO::FETCH_ASSOC)) {
    $passwordDB = $user['mypassword'];
    $email = $user['email_address'];
    $userid = $user['user_id'];
}
if ($remember_me == "true"){ // Create a Cookie if remember_me is active
    $expire = time()+60*60*24; // Valid for only 1 day
    setcookie("cookie_username", $username, $expire, "/");
    setcookie("cookie_email", $email, $expire, "/");
    setcookie("cookie_userid", $userid, $expire, "/");
} else if ($remember_me == "false") { // Only create a session if remember_me is not active
    session_start(); // cannot logout if i put it here
    $_SESSION['session_userid'] = $userid;
    $_SESSION['session_username'] = $username;
    $_SESSION['session_email'] = $email;
}
My PHP logout code:
<?php
require_once 'mydatabase.php';
$_SESSION = array();
if (ini_get("session.use_cookies")) {
    $params = session_get_cookie_params();
    setcookie(session_name(), '', time() - 86400,
        $params["path"], $params["domain"],
        $params["secure"], $params["httponly"]
    );
}
?>
I can properly log out when my 'remember me' checkbox is on.
Issue solved: I accidentally erased my session_start() at the top of my logout and forgot to put it back in.
To kill off all the session variables you could try something akin to this
if( isset( $_SESSION ) ){
    $vars=array(
        'session_userid',
        'session_username',
        'session_email'
    );
    foreach( $vars as $var ){
        unset( $_SESSION[ $var ] );
    }
    # further options, left commented out:
    #session_unset();
    #session_destroy();
    #session_start();
    #session_regenerate_id( true );
}
Without knowing how you check if the user is logged in, I'd assume that you need to call session_start(); in your logout code as well.
Use the developer tools to see which data the browser is currently holding.
I would use session_start and session_destroy() like this:
<?php
session_start();
session_destroy();
require_once 'mydatabase.php';
if (ini_get("session.use_cookies")) {
    $params = session_get_cookie_params();
    setcookie(session_name(), '', time() - 86400,
        $params["path"], $params["domain"],
        $params["secure"], $params["httponly"]
    );
}
I have a script which is meant to finish the current session and start a new one. There is a segment of code I use and it works fine on my development computer. However, when I posted it to the production server, the session id is constantly remaining the same.
The following is my code for restarting the session:
session_start();
$_SESSION = array();
$_POST = array();
$_GET = array();
if (ini_get("session.use_cookies")) {
    $params = session_get_cookie_params();
    setcookie(session_name(),
        '',
        time() - 42000,
        $params["path"],
        $params["domain"],
        $params["secure"],
        $params["httponly"]
    );
}
session_destroy();
session_write_close();
session_start();
session_regenerate_id(true);
On the last line, a new session id is not generated.
Why would this be different between two servers running PHP? And what can I do to correct it?
After some experimenting I solved the problem.
The session_regenerate_id(true) line does not regenerate a new session id if any text has been written into the response. I already had a series of echo statements issuing text for debugging purposes and after I removed them new session ids were created.
session_regenerate_id() updates the current session id with a newly generated one. It does not change session variables.
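$old_id = session_id();
session_regenerate_id();
// print both IDs only after regenerating, so no output precedes the new cookie header
echo $old_id, ' -> ', session_id();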
You should unset session to do that:
unset($_SESSION); // or
$_SESSION = array();
How to start a new session:
session_start();
$_SESSION = array();          // clear the session data
session_destroy();
session_start();
session_regenerate_id(true);  // must run while a session is active
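The output-before-headers failure described in the self-answer above can be turned into an explicit check. An added example, not code from the original posts; restart_session() is a hypothetical helper name:

```php
<?php
// Added example, not code from the original posts.
// restart_session() is a hypothetical helper name.

function restart_session(): string
{
    // session_regenerate_id() has to send a new Set-Cookie header. Once any
    // output (an echo, whitespace before the opening tag, a BOM) has gone
    // out, that header can no longer be sent.
    if (headers_sent($file, $line)) {
        throw new RuntimeException(
            "Cannot rotate session ID: output already started at $file:$line"
        );
    }

    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }

    $oldId = session_id();

    // Drop the old data, then swap the ID and delete the old session record.
    $_SESSION = [];
    if (!session_regenerate_id(true)) {
        throw new RuntimeException('session_regenerate_id() failed');
    }

    // Fail loudly instead of silently keeping the old ID.
    if (session_id() === $oldId) {
        throw new RuntimeException('Session ID did not change');
    }

    return session_id();
}

$newId = restart_session();
error_log('session ID rotated'); // log instead of echo: no output before headers
```

Whether an early echo actually blocks the new cookie depends on the server's output_buffering setting, which is one way two servers running the same script can differ.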
I have an index.php which contains my login form and uses a session to log in. How do I destroy the session every time a user accesses the index.php, for security?
All you have to do is this:
session_unset();
or:
session_destroy();
depending on your requirement.
References:
http://php.net/manual/en/function.session-destroy.php
http://php.net/manual/en/function.session-unset.php
Try this:
<?php unset($_SESSION['whatever']); ?>
Will remove the session.
// Completely remove session and associated data:
<?php
// open the session.
session_start();
// Unset all of the session variables.
$_SESSION = array();
// delete the session cookie.
if (ini_get("session.use_cookies")) {
    $params = session_get_cookie_params();
    setcookie(session_name(), '', time() - 42000,
        $params["path"], $params["domain"],
        $params["secure"], $params["httponly"]
    );
}
session_unset();
// Finally, destroy the session.
session_destroy();
?>