Was just wondering why my code isn't working here:
<?php
session_start();
if (isset($_SESSION)) {
session_unset();
session_destroy();
}
?>
I've tried printing out the result of echo isset($_SESSION) and it returns true, and my pages that require login are still allowing me to access them.
You must definitely define a variable as session
for example:
LOGIN
<?php
session_start();
if($_POST['username']){
$_SESSION['username'] =$_POST['username']; // session run
}
?>
LOGOUT
<?php
session_start();
if($_POST['LOGOUT']=='exit'){
#session_unset();
}
?>
You can also use
unset($_SESSION['username']);
instead of
session_unset();
Related
I use this class but have issue. All sessions found in the database are not deleted.
What command to clear the session from the database should be used?
I tested with Firefox and Chrome. This is my code for clear session:
<?php
ob_start();
require_once '../inc/class_session.inc.php';
$session = new Session();
if(!isset($_SESSION['admin']) OR !isset($_SESSION['userid'])){
unset($_SESSION['admin']);
unset($_SESSION['userid']);
session_destroy();
session_unset();
header('location: index.php');
exit();
}
?>
<?php
1.
if (isset($_SESSION['username'])) {
header('Location: log.php');
}
2.
if (session_id() != '') {
header('Location: log.php');
}
3.
if(isset($_SESSION['username']))
{
header("Location: log.php");
exit;
}
4.
if (session_status() != PHP_SESSION_NONE) {
header("Location: log.php");
}
?>
I want my php to redirect to from main.php to log.php if the session is live. I want to achieve an effect where logged on users cannot access a page and once they try to do it via a url they get automatically redirected to a different page.
Above are the attempts I did and did not work for me.
You need session_start.
session_start();
if(!isset($_SESSION['username'])) {
header("Location: log.php");
exit;
}
I think that you miss the call to php session_start().
Try this:
<?php
session_start();
if (isset($_SESSION['username'])) { header('Location: log.php'); }
?>
And be sure that your use logged account.
although it's 4 years later,I solve this problem just now.
Please make sure all these matter:
1. All the pages have to set the below parameter in the beginning
if (session_status() == PHP_SESSION_NONE) {session_start();}
Adding the session variable must use $_SESSION in order to set the session as globally
exit(); must be added after header("location: $URL ");
I have created a login/logout system in my application but it's not working even using session_start();, session_destroy(); and session_unset (); etc.
Here is what I have done so far:
the first page (login)
<?php
if(
!isset($_SERVER['PHP_AUTH_USER'])||
!isset($_SERVER['PHP_AUTH_PW'])||
($_SERVER['PHP_AUTH_USER'])!="admin"||
($_SERVER['PHP_AUTH_PW']!="admin")
)
{
header('WWW-Authenticate: Basic realm="Accès refusé"');
echo 'Accès refusé';
exit;
}
else
session_start ();
$_SESSION['PHP_AUTH_USER'] = "admin";
$_SESSION['PHP_AUTH_PW'] = "admin";
echo '
and this is the logout part
<?php
session_start();
session_unset ();
session_destroy();
header("Location: index.php");
die;
?>
The problem is that the session is not destroyed, even when clicking the logout button.
You are using http authentication
Cookies and Sessions does not have any influence on http authentication
"No correct way exists" to logout.
Create another login/logout system, it's not hard.
I have a logout file for my web application. I would like to create a session after the logout so that I can echo a logout success message. My logout code works but I am unable to create a new session after destroying the previous one.
What is the best way to do this, see code:
//LOGOUT.PHP
session_start();
//// unset all $_SESSION variables
session_regenerate_id();
session_unset();
session_destroy();
$_SESSION['logoutsuccess'] = 'You have successfully logged out.';
header("Location: /login/");
exit;
//LOGIN.PHP (ECHO SUCCESS MESSAGE)
if(isset($_SESSION['logoutsuccess']))
{
echo '<div class="success">'.$_SESSION['logoutsuccess'].'</div>';
unset($_SESSION['logoutsuccess']);
}
I would like to avoid passing variables in the url if possible.
Call session_start() again after session_destroy()?
Just start a new session:
session_start();
session_destroy();
session_start();
$_SESSION['food'] = 'pizza';
Instead of trying to store it as a session variable, you could check the referer and check for /logout/
if(strpos($_SERVER['HTTP_REFERER'], 'logout') !== false) {
echo 'You have successfully logged out.';
}
session_id($session_id_to_destroy);
session_start();
session_destroy();
session_commit();
What is the alternative to the deprecated function session_is_registered() in PHP 5?
Here's my code:
ob_start();
session_start();
if(!session_is_registered(myusername))
{
header("location:main_login.php");
}
ob_flush();
"You need to set and reference $_SESSION variables only." For example:
if( isset($_SESSION[$myusername]) )
From http://www.phpfreaks.com/forums/index.php?topic=263189.0
on a side note, best use $_SESSION['username'] = $myusername;. Using the $_SESSION[$myusername] as a variable may overwrite existing variables in the session.
But if you set anything in the session variable it will display you the protected page:
e.g.,
<?php
session_start();
if(isset($_SESSION[$myusername])){
echo "welcome to protected page.";
}
else {
header('location:login.php');
die;
}
?>
Use session_id()
if (!session_id()) {
// do stuff
}
if there is no session id nothing will be returned. (docs - session_id() )