I'm just implementing a login and logout system using PHP and experiencing problems with logout. The system outline is as follows:
When the user logs in, a session is created with a session variable "user" and "stud" as i'm creating it for student and admin.
After the session is set up, the user is redirected to home.php file.
In that file, a logout button is placed. When the user clicks the logout button session destroyed, but it destroyed both account. I try login both account, student and admin, but when i try logout for admin, it'll destroyed both account.
Anyone can help me with this problem?
here is my coding for admin logout:
session_start(); if(!isset($_SESSION['user'])) { header("Location:
index.php"); } else if(isset($_SESSION['user'])!="") {
header("Location: homeAdmin.php"); }
if(isset($_GET['adminLogout'])) { session_destroy();
unset($_SESSION['user']); header("Location: index.php"); }
You have maintain the sessions for user and admin separately like $_SESSION['user'] and $_SESSION['stud']
and destroy the respective session on logout process. Means if logout the user than destroy only $_SESSION['user']
if(isset($_GET['adminLogout'])) { session_destroy(); unset($_SESSION['user']); header("Location: index.php"); }
Here you are taking the parameter admin logout and destroying user session as well. I assume you should first check which session is set and destroy that particular session. Also don't use session destroy, just unset will work for you.
session_destroy destroys all the session, you can check here for more reference how it works
http://php.net/manual/en/function.session-destroy.php
thank you guys i've got my answer. here am sharing teh answer of the problems:
<?php
session_start();
if(!isset($_SESSION['user']))
{
header("Location: index.php");
}
else if(isset($_SESSION['user'])!="")
{
header("Location: homeAdmin.php");
}
if(isset($_GET['adminLogout']))
{
unset($_SESSION['user']);
header("Location: index.php");
}
?>
just delete the session_destroy()
Related
I'm securing single page with session:
if($username === 'admin' && $password === 'admin1'){
$_SESSION['secured'] = "Secured";
header('LOCATION:admin/approve.php'); //go to location after successful login.
die();
}
In approve page I'm checking if session is set:
session_start(); //starting session to acces to it
if(!isset($_SESSION['secured'])){
exit();
}
I made a logout button that redirect to site index, but after logout when I'm tring to reach the secure page i dont have problem to enter, and session is still set.
Logout code:
unset($_SESSION); //clear session array
session_destroy(); //Destroy session
unset($_SESSION['secured']);
header("Location: ../index.html");
You mean the approve page?
What I see is that you did not specify where the page should exit to...
Maybe you should try something like this:
session_start(); //starting session to acces to it
if(!isset($_SESSION['secured'])){
header("Location: ../index.html");
exit();
}
I hope it helps
I have created one login using PHP and MYSQL.
If login the page, it will go to the new page.
My Problem:
Once logout my login page its again showing the new page itself,but I don't want to show that page after I logout
?php
session_start();
if (!isset($_SESSION['username'])) {
$_SESSION['msg'] = "You must log in first";
header('location: login.php');
}
if (isset($_GET['logout'])) {
session_destroy();
unset($_SESSION['username']);
header("location: login.php");
}
Try
if (isset($_GET['logout'])) {
session_destroy();
sesion_write_close();
header("Location: login.php");
exit();
}
Here session_destroy(); destroys all sessions created after successful login. On the other hand sesion_write_close(); makes sure no further conflicting session shall be written after destroying the sessions and before redirecting the page to the defined location. However, it's a very basic but clear and effective logout guideline.
Hello i am trying to destory session when i press signout button then it's logging out and redirecting to login page; but when click back in browser that page is loading with loign menu on top.
And i have wrote a code in everypage as if session not available redirect to login page.
Here is my logout code for session_destroy:
elseif(isset($_GET['type']) && $_GET['type']== "logout" )
{
if (!isset($_SESSION['id'])) {
header('location:index.php');
} else {
session_destroy();
$_SESSION = array();
header('location:index.php');
}
}
here is the code what i have mentioned in all pages:
session_start();
include_once('includes/config.php');
if(!isset($_SESSION['id'])) {
header('location:login.php');
}
So my question is completly logout if press back it should not load and has to redirect to login page.
<?php
session_start();
if($_SESSION['id']){
unset($_SESSION['id']); // destroys the specified session.
}
header('Location:index.php'); //redirect to preferred page after unset the session
?>
session_destroy()
By this function you can destroy all session at browser. If you work with php you should write :
ob_start ();
session_start();
By this your buffer also flush and new start session. Try with it.
Create a page like signout.php, And set signout button link to this page.
Example
Signout
Add below codes for signout.php page.
session_start(); #Start new or resume existing session
#session_unset($_SESSION['key']); #Free specific session variable if you want, OR
session_destroy(); #Destroys all data registered to a session
header('location:login.php'); #Redirect to login page after logout
This should work for you!
Try in this way :
session_start();
unset($_SESSION["id"]);
session_destroy();
header('location:index');
This is my PHP code to end the session but when I click on the back button it still go back into my previous page.
<?php
session_start();
if(session_destroy()) // Destroying All Sessions
{
header("Location: login.php"); // Redirecting To Home Page
}
?>
Really you should not be able to view a page if you are not logged in. Just do this on the top of every page.
<?php
session_start();
//check some value that lets you know if a user is logged in.
if(empty($_SESSION['user_id'])){
header("Location: login.php")
}
the redirect will happen even if your site is cached.
take a look here: http://php.net/manual/en/function.session-destroy.php
This just deletes all data within session but not the session itself, You have also to delete the session id and the session cookie (setcookie())
I have a simple website that lets the admins and users log in. There credentials are saved onto a mysql server in 2 separate tables. 1 for user, 1 for admin.
They both of different login pages, user has userlogin.php and admin has adminlogin.php
What i want is, when they are both done with accessing the site, i want them to click logout and through session variables, use just the one logout.php and redirect them to their respective login pages.
So if the user logs out, they should be redirected to userlogin.php and if admin logs out, they should be redirected to adminlogin.php
<?PHP
session_start();
unset($_SESSION["userid"]);
header("Location: userlogin.php");
unset($_SESSION["adminid"]);
header("Location: adminlogin.php");
?>
This is what i have so far.
if(isset($_SESSION["userid"]))
{
unset($_SESSION["userid"]);
header("Location: userlogin.php");
}
elseif(isset($_SESSION["adminid"]))
{
unset($_SESSION["adminid"]);
header("Location: adminlogin.php");
}
die();
Use session_destroy()
logout.php
<?php
session_start();
if(isset($_SESSION["adminid"]))
{
unset($_SESSION["adminid"]);
session_destroy();
header("Location: adminlogin.php");
}
else
{
unset($_SESSION["userid"]);
session_destroy();
header("Location: userlogin.php");
}
?>
<?php
session_start();
header ('Location: ' . (isset($_SESSION['adminid']) ? 'adminlogin.php' : 'userlogin.php'));
$_SESSION = array();
session_destroy();
?>
Since some people asked for an explanation, this code first starts the session with session_start();.
After that, it sets the location header to be sent to the client. The code checks if the adminid is set, if so, we'll redirect to adminlogin.php. If not, we'll just redirect to userlogin.php.
Then, the code sets the $_SESSION to array(); (basically just empties it) so that all the previously set data is gone.
Finally, the session is destroyed and the client will get redirected.