Php: Start session In one api and destroy in another api - php

I am starting session in one api using session_start and want to end session in another api. Both API are written in different PHP files.
Can I destroy PHP session created in first API from second API? I am not able to destroy session from second API using session_destroy. I am getting error session uninitialized.
Also can I give timeout/cookie to session?

// Initialize the session.
// If you are using session_name("something"), don't forget it now!
session_start();
// Unset all of the session variables.
$_SESSION = array();
// If it's desired to kill the session, also delete the session cookie.
// Note: This will destroy the session, and not just the session data!
if (ini_get("session.use_cookies")) {
$params = session_get_cookie_params();
setcookie(session_name(), '', time() - 42000,
$params["path"], $params["domain"],
$params["secure"], $params["httponly"]
);
}
// Finally, destroy the session.
session_destroy();

Did you start the session on the second page? You have to start it before you destroy it.
session_start();
session_unset();
session_destroy();
Try that.

Related

Cannot destroy php session in chrome

When I signout, I call the following to destroy the session. It works in other browsers but in Chrome, the session is still there.
session_unset();
session_destroy();
Please help if I there's a special way to do it in Chrome and other browsers.
When in doubt, check the manual:
<?php
// Initialize the session.
// If you are using session_name("something"), don't forget it now!
session_start();
// Unset all of the session variables.
$_SESSION = array();
// If it's desired to kill the session, also delete the session cookie.
// Note: This will destroy the session, and not just the session data!
if (ini_get("session.use_cookies")) {
$params = session_get_cookie_params();
setcookie(session_name(), '', time() - 42000,
$params["path"], $params["domain"],
$params["secure"], $params["httponly"]
);
}
// Finally, destroy the session.
session_destroy();
session is stored on server - it have nothing to do with browser ( in browser could be only cookie with session id or something like )

How to set a fixed session id?

I have 2 different session id's on 5 different php pages in the same directory on the same host.
I call session_start(); right after the php-tag on top of every page
I converted all the pages to utf-8 without DOM
I set all file permissions to 644
I tried clearing my browser cache
I tried clearing the sessions using the script below
session_start();
// Initialize the session.
// If you are using session_name("something"), don't forget it now!
session_unset();
// Unset all of the session variables.
$_SESSION = array();
// If it's desired to kill the session, also delete the session cookie.
// Note: This will destroy the session, and not just the session data!
if (ini_get("session.use_cookies")) {
$params = session_get_cookie_params();
setcookie(session_name(), '', time() - 42000,
$params["path"], $params["domain"],
$params["secure"], $params["httponly"]
);
}
// Finally, destroy the session.
session_destroy();
To no avail.
How do I fix this bug?
If you use unset($_SESSION); that should remove all current sessions I believe.
Then, to set a global session you just do
$_SESSION['user_id'] = "0001"
And then call it by using $_SESSION['user_id'].
Make sure, like you do in the demo above, that you have session_start(); at the top of pages you want to call session variables on.
That might not be the most up to date way, but that's how I've been doing it - just with the unset being assigned to each part of the session array instead of the whole thing.

freeing session variables

In our website, we have applied lots of session variables. After setting, we shall unset them to free the server resources.
Apart from unset each session one by one, would there be any function that can check a website that has session variables not being unset yet?
Thank you.
To unset a single record, use
unset($_SESSION['varname']);
To clear a full session, use
session_destroy();
A session is removed automatically, when it is not accessed for a while (configurable via php.ini). Because of this it is not required to remove orphaned session data yourself.
This can be done with session_destroy();
http://www.php.net/manual/en/function.session-destroy.php
You need session_destroy();
session_start();
// Unset all of the session variables.
$_SESSION = array();
// If it's desired to kill the session, also delete the session cookie.
// Note: This will destroy the session, and not just the session data!
if (ini_get("session.use_cookies")) {
$params = session_get_cookie_params();
setcookie(session_name(), '', time() - 42000,
$params["path"], $params["domain"],
$params["secure"], $params["httponly"]
);
}
// Finally, destroy the session.
session_destroy();
?>
Also unset the cookie created by the session!

problem with removing sessions in PHP by unset_session in FireFox

While I'm pressing on log out link it's not exit the user from the page but when I'm refreshing manually after the clicking it really will log out.
The log out command is:
$URL = $_GET['url'];
session_unset();
redirect($URL);
When the page is redirected I see the session variables although they were deleted and
just after manual refresh it's OK.
There is no any problem in Chrome and IE.
In order to really log the user out, you need to also unset the session ID and the cookie which is used to propagate the session id to the client.
Here is a sample code from the PHP manual which does that:
<?php
// Initialize the session.
// If you are using session_name("something"), don't forget it now!
session_start();
// Unset all of the session variables.
$_SESSION = array();
// If it's desired to kill the session, also delete the session cookie.
// Note: This will destroy the session, and not just the session data!
if (ini_get("session.use_cookies")) {
$params = session_get_cookie_params();
setcookie(session_name(), '', time() - 42000,
$params["path"], $params["domain"],
$params["secure"], $params["httponly"]
);
}
// Finally, destroy the session.
session_destroy();

Best way to completely destroy a session - even if the browser is not closed

Is it enough to
session_start(); // Must start a session before destroying it
if (isset($_SESSION))
{
unset($_SESSION);
session_unset();
session_destroy();
}
when the user selects Log out from a menu, but does not quit his browser? I want to totally remove all existence of the session and $_SESSION
According to the manual, there's more to do:
In order to kill the session altogether, like to log the user out, the session id must also be unset. If a cookie is used to propagate the session id (default behavior), then the session cookie must be deleted. setcookie() may be used for that.
The manual link has a full working example on how to do that. Stolen from there:
<?php
// Initialize the session.
// If you are using session_name("something"), don't forget it now!
session_start();
// Unset all of the session variables.
$_SESSION = array();
// If it's desired to kill the session, also delete the session cookie.
// Note: This will destroy the session, and not just the session data!
if (ini_get("session.use_cookies")) {
$params = session_get_cookie_params();
setcookie(session_name(), '', time() - 42000,
$params["path"], $params["domain"],
$params["secure"], $params["httponly"]
);
}
// Finally, destroy the session.
session_destroy();
?>

Categories