Even if I use session_destroy() in my logout controller var_dump($_SESSION); gives some output like array(1) { ["__ci_last_regenerate"]=> int(1484032559) } after user has logged out.
For this reason I think the following code for login controller is not working properly:
function login()
{
if(!isset($_SESSION['user']))
{
$this->load->view("log");
}
else
{
/********login details verification*******/
}
If so is the case how to destroy session after user logout?
Can anyone help please? Thanks.
Use CodeIgnitor native session destroy method, it should work fine as CodeIgnitor use it's own session mechanism.
e.g,
$this->session->sess_destroy();
to unset any session value use following syntax
$this->session->unset_userdata('variable');
Reference
http://www.codeigniter.com/user_guide/libraries/sessions.html?highlight=session%20destroy#destroying-a-session
Related
I'm having this project where I need to implement login functionality in my webpage. Everything function, like I have the code and I understand its implementation. I have used a static global variable to keep track of the logging in status. I'm not very keen on session variables. Thing is, my program doesn't seem to validate my login status properly even though my "MySQL" statement is correct I think. Any one knows a solution to this or how to work with session variables.
I agree with all here that you should post your code and your exact problem.
Session in PHP:
Every page must be checked before opening through 'Your Controller'. This is an example to understanding how is works. controller.php:
class controller{
//login
public function login()
{
// start session
session_start();
$_SESSION['userLoggedin'] == true;
header('index.php');
}
//To check, if user logged in
public function ifLogged()
{
session_start();
if($_SESSION['userLoggedin'] != true)
{
controller::logout();
}
}
//logout
public function logout()
{
// delete session
session_destroy();
unset($_SESSION['userLoggedin']);
header('login.php');
}
}
In your index.php you have to include your controller, to check if user has logged in or not.
index.php
require_once('controller.php');
controller::ifLogged();
I want to force a user to logout when I change it's status to 'inactive' using session in codeigniter.
I used the method below, but it destroyed my own session:
function deactivate($user_Id)
{
$this->session->unset_userdata(array('user_Id' => $user_Id));
}
I happened to need this feature implemented and here is how I did it:
record user session id as last_active_session in db after login
find that session id and delete it from session table when this user is banned or anything.
You can also use this to prevent concurrent login such as the last successful login user bump the previous one.
Use the sess_destroy() method instead:
function deactivate() {
$this->session->sess_destroy();
}
Im tying to use the command sequence:
Yii::app()->user->setFlash('success', "Successful!");
Yii::app()->user->logout();
$this->redirect(array('user/login'));
The user got logged out and redirected, but the Setflash does not work.
I also tried to change the order of 2 frist commands, but got the same problem.
If I do not logout the user, the Setflash works fine.
How can I make both commands work?
this should work
Yii::app()->user->logout();
Yii::app()->session->open();
Yii::app()->user->setFlash(...);
If you need to destroy a whole session but you want to set a flash afterwards, you may extends CWebUser this way:
<?php
class BaseWebUser extends CWebUser
{
public function logout($destroySession = true)
{
parent::logout($destroySession);
Yii::app()->session->open();
}
}
?>
have a closer look here
I think you can use this :
public function afterLogout() {
// Create new session
$session=new CHttpSession;
$session->open();
// Set flash message
Yii::app()->user->setFlash('success', 'You are logged out successfully.');
// Prepare target URL after logout
$continue_url = Yii::app()->request->hostInfo . Yii::app()->createUrl('');
// Redirect
CController::redirect($continue_url);
}
Put it inside your WebUser components.
Flash messages are stored in the session. Logging the user our destroys the user's current session. Once session_destroy() is called, you must call session_start() again in order to generate a new session ID and have this work. Yii most likely does not do that.
If it's that important that you have a "Successful" message indicating that the logout worked - then redirect the user to a "logout successful" page. Alternatively, you can look into overriding the way Yii performs a logout - although I wouldn't recommend it.
I'm new to CodeIgniter and I started to use the session library.
I have autoloaded the session library and trying to save the current user_id to the session userdata array. But the information is gone when I try to read it on an other page..
The native PHP sessions work just fine (tested it), so it must be something from CI.
I programmed a simple test page where I test the following:
Set the session userdata.
Test page shows the userdata correctly.
Uncomment the set session data lines in the code of the controller and reload the page.
Test page doesn't show the userdata.
The code of the controller:
class Welcome extends CI_Controller {
public function index(){
$data = null;
$data['test'] = "Yeeeeh!!";
$this->session->set_userdata($data);
$this->load->view('welcome_message', $data);
}
}
Code of the view:
<?php
echo $this->session->userdata('test');
?>
Why does the view display the session_id and not the "test" variable you created?
Did you test
<?php
echo $this->session->userdata('test');
?>
in the view file?
CI's sessions are cookies, not PHP native sessions. Calling sessions in a view works (IIRC), but since your view is loaded in the same request the session is created, it won't be set.
You need to call it on another request (i.e. another controller), or set the session somewhere else (in another controller, via AJAX could work also), or use native PHP $_SESSION array instead.
I think your actual code is just a test case, otherwise why not just
public function index(){
$data = null;
$data['test'] = "Yeeeeh!!";
$this->session->set_userdata($data);
$this->load->view('welcome_message', $data);
}
in view:
<?php
echo $test;
?>
I have a logout controller in codeigniter :
<?php
class Logout extends MY_Controller {
function index()
{
$this->session->sess_destroy();
redirect('index.php');
}
}
This logs me out but when i call another controller after logging, like "/site/addnewpost",
this just logs me in again, as if the sassion had not been destroyed previously. Why is this happening?
Follow ALex's suggestion, but using CI code:). What I mean, try unsetting each session data individually. I read once about an issue in version 2.0.3 I think, but I don't remember now and I don't have time to search for the reference. It's in their forum, though, and the suggestion was the same: unset each session element one by one.
$this->session->unset_userdata('data_one');
$this->session->unset_userdata('data_two');
$this->session->unset_userdata('data_three');
$this->session->unset_userdata('data_one');
$this->session->sess_destroy();
redirect('home','refresh'); // <!-- note that
//you should specify the controller(/method) name here
You need to redirect because CI's session are just cookies, not the native php session array.
Another thing...make sure the fault isn't in your login methods, which logs you in no matter if you succesfully logout or not!
Try explicitly delete items like this:
$this->Session->delete('User');
$this->Session->destroy();
$this->Cookie->delete("User");
$this->Cookie->destroy();
$this->Auth->logout();
$this->redirect('whereever');
My problem had to do with caching on the server side. The quickest I could fix it was by appending random text to the logout link:
<?php
$this->load->helper('string');
echo anchor('/home/logout/'.random_string(), 'logout');
?>
home/logout contained the same code as function index in the question.
Just so you know the redirect('/', 'refresh') did not work for me, but I again I did a quick test.
I am guessing that the random_string() method can be replaced by outputting headers that force cache to be cleared etc. As you have probably guessed, I can't do that right now as I am super busy. Maybe later.
You can also try manually setting your "logged_in" or whatever you called the session to false. Then, destroying all other session data.
$this->session->set_userdata('logged_in', FALSE);
$this->session->session_destroy();
redirect('index');
first we have to load session library to deal with session than unset the sessionID and destroy the session. I am using this code to unset my session and secure logout.
$this->load->library('session');
$this->session->set_userdata('user_id', FALSE);
$this->session->sess_destroy();
$this->load->view('your URL');