I have created one login using PHP and MYSQL.
If login the page, it will go to the new page.
My Problem:
Once logout my login page its again showing the new page itself,but I don't want to show that page after I logout
?php
session_start();
if (!isset($_SESSION['username'])) {
$_SESSION['msg'] = "You must log in first";
header('location: login.php');
}
if (isset($_GET['logout'])) {
session_destroy();
unset($_SESSION['username']);
header("location: login.php");
}
Try
if (isset($_GET['logout'])) {
session_destroy();
sesion_write_close();
header("Location: login.php");
exit();
}
Here session_destroy(); destroys all sessions created after successful login. On the other hand sesion_write_close(); makes sure no further conflicting session shall be written after destroying the sessions and before redirecting the page to the defined location. However, it's a very basic but clear and effective logout guideline.
Related
I'm securing single page with session:
if($username === 'admin' && $password === 'admin1'){
$_SESSION['secured'] = "Secured";
header('LOCATION:admin/approve.php'); //go to location after successful login.
die();
}
In approve page I'm checking if session is set:
session_start(); //starting session to acces to it
if(!isset($_SESSION['secured'])){
exit();
}
I made a logout button that redirect to site index, but after logout when I'm tring to reach the secure page i dont have problem to enter, and session is still set.
Logout code:
unset($_SESSION); //clear session array
session_destroy(); //Destroy session
unset($_SESSION['secured']);
header("Location: ../index.html");
You mean the approve page?
What I see is that you did not specify where the page should exit to...
Maybe you should try something like this:
session_start(); //starting session to acces to it
if(!isset($_SESSION['secured'])){
header("Location: ../index.html");
exit();
}
I hope it helps
I'm just implementing a login and logout system using PHP and experiencing problems with logout. The system outline is as follows:
When the user logs in, a session is created with a session variable "user" and "stud" as i'm creating it for student and admin.
After the session is set up, the user is redirected to home.php file.
In that file, a logout button is placed. When the user clicks the logout button session destroyed, but it destroyed both account. I try login both account, student and admin, but when i try logout for admin, it'll destroyed both account.
Anyone can help me with this problem?
here is my coding for admin logout:
session_start(); if(!isset($_SESSION['user'])) { header("Location:
index.php"); } else if(isset($_SESSION['user'])!="") {
header("Location: homeAdmin.php"); }
if(isset($_GET['adminLogout'])) { session_destroy();
unset($_SESSION['user']); header("Location: index.php"); }
You have maintain the sessions for user and admin separately like $_SESSION['user'] and $_SESSION['stud']
and destroy the respective session on logout process. Means if logout the user than destroy only $_SESSION['user']
if(isset($_GET['adminLogout'])) { session_destroy(); unset($_SESSION['user']); header("Location: index.php"); }
Here you are taking the parameter admin logout and destroying user session as well. I assume you should first check which session is set and destroy that particular session. Also don't use session destroy, just unset will work for you.
session_destroy destroys all the session, you can check here for more reference how it works
http://php.net/manual/en/function.session-destroy.php
thank you guys i've got my answer. here am sharing teh answer of the problems:
<?php
session_start();
if(!isset($_SESSION['user']))
{
header("Location: index.php");
}
else if(isset($_SESSION['user'])!="")
{
header("Location: homeAdmin.php");
}
if(isset($_GET['adminLogout']))
{
unset($_SESSION['user']);
header("Location: index.php");
}
?>
just delete the session_destroy()
Hello i am trying to destory session when i press signout button then it's logging out and redirecting to login page; but when click back in browser that page is loading with loign menu on top.
And i have wrote a code in everypage as if session not available redirect to login page.
Here is my logout code for session_destroy:
elseif(isset($_GET['type']) && $_GET['type']== "logout" )
{
if (!isset($_SESSION['id'])) {
header('location:index.php');
} else {
session_destroy();
$_SESSION = array();
header('location:index.php');
}
}
here is the code what i have mentioned in all pages:
session_start();
include_once('includes/config.php');
if(!isset($_SESSION['id'])) {
header('location:login.php');
}
So my question is completly logout if press back it should not load and has to redirect to login page.
<?php
session_start();
if($_SESSION['id']){
unset($_SESSION['id']); // destroys the specified session.
}
header('Location:index.php'); //redirect to preferred page after unset the session
?>
session_destroy()
By this function you can destroy all session at browser. If you work with php you should write :
ob_start ();
session_start();
By this your buffer also flush and new start session. Try with it.
Create a page like signout.php, And set signout button link to this page.
Example
Signout
Add below codes for signout.php page.
session_start(); #Start new or resume existing session
#session_unset($_SESSION['key']); #Free specific session variable if you want, OR
session_destroy(); #Destroys all data registered to a session
header('location:login.php'); #Redirect to login page after logout
This should work for you!
Try in this way :
session_start();
unset($_SESSION["id"]);
session_destroy();
header('location:index');
I have a simple website that lets the admins and users log in. There credentials are saved onto a mysql server in 2 separate tables. 1 for user, 1 for admin.
They both of different login pages, user has userlogin.php and admin has adminlogin.php
What i want is, when they are both done with accessing the site, i want them to click logout and through session variables, use just the one logout.php and redirect them to their respective login pages.
So if the user logs out, they should be redirected to userlogin.php and if admin logs out, they should be redirected to adminlogin.php
<?PHP
session_start();
unset($_SESSION["userid"]);
header("Location: userlogin.php");
unset($_SESSION["adminid"]);
header("Location: adminlogin.php");
?>
This is what i have so far.
if(isset($_SESSION["userid"]))
{
unset($_SESSION["userid"]);
header("Location: userlogin.php");
}
elseif(isset($_SESSION["adminid"]))
{
unset($_SESSION["adminid"]);
header("Location: adminlogin.php");
}
die();
Use session_destroy()
logout.php
<?php
session_start();
if(isset($_SESSION["adminid"]))
{
unset($_SESSION["adminid"]);
session_destroy();
header("Location: adminlogin.php");
}
else
{
unset($_SESSION["userid"]);
session_destroy();
header("Location: userlogin.php");
}
?>
<?php
session_start();
header ('Location: ' . (isset($_SESSION['adminid']) ? 'adminlogin.php' : 'userlogin.php'));
$_SESSION = array();
session_destroy();
?>
Since some people asked for an explanation, this code first starts the session with session_start();.
After that, it sets the location header to be sent to the client. The code checks if the adminid is set, if so, we'll redirect to adminlogin.php. If not, we'll just redirect to userlogin.php.
Then, the code sets the $_SESSION to array(); (basically just empties it) so that all the previously set data is gone.
Finally, the session is destroyed and the client will get redirected.
I have a log in script where I have been able to successfully make users, and log in. Now my issue is that whenever I try to use my method of protecting pages, being seeing if there is a SESSION for 'user' if not it directs you back to the login page.
Here is me checking for the session,
require("common.php");
if(empty($_SESSION['user']))
{
header("Location: login");
die("Redirecting to login");
}
Here is where I am setting my session, I am ONLY setting a session_start(); on login.php
if($login_ok)
{
unset($row['salt']);
unset($row['password']);
$_SESSION['user'] = $row;
header("Location: home?worked=1");
die("Redirecting to: home?worked=1");
session_start();
}
else
{
print("Login Failed.");
$submitted_username = htmlentities($_POST['username'], ENT_QUOTES, 'UTF-8');
}
}
What this does, is I log in, and it will process and bring me to my home page, then process the header back to the login page acting as if I am not logged in. I tested a false login and it IS telling that its the correct login.
Thanks for any help, I'm pulling my hair out here!
Necro
EDIT
I moved session_start(); to the top of my common.php, and everything is perfect.
You have session_start(); after $_SESSION['user'] = $row;
Actually you have it after a die(); command. Nothing happens after that.
Put session_start(); at the top of PHP in every page (pref common.php since you have one) not just one page.
It would be better to set the session_start() on top
You need to put session_start(); on every page you want to use the session.