What can destroy a $_SESSION variable php? - php

I am working on a webapp in php, and my session keeps getting destroyed on only certain views of my application and I can't seem to find out why. I can't upload all the code here because there is too much, so I want to know what can destroy a session and I will look for the problem.
The weird part is that it happens in between two views: for example, it fully loads the first view with no problem (I checked with echo statements at the end of that view to make sure it was still active), and when I click on a link the session variable is destroyed before loading the next view.

If it happens only on certain views, is there any session unset or session destroy? Maybe you need to add session_start() in the controller that has those (linked) views. (Read also https://www.sitepoint.com/php-sessions/, the section about session_start.)

You can destroy ALL the session array:
session_destroy();
Or only unset some parts:
unset($_SESSION['your_thing']);
Another way is to empty some parts of the array:
$_SESSION['your_thing'] = '';
All are correct, but if you destroy the whole session, on the next page you have to call session_start(); if you want to use the session, but you'll lose all information.
The best way is to use unset or empty the array ...

You can use the session_destroy() function to destroy the whole session (and all $_SESSION values with it), or you can use the unset function to destroy a value by key, as if $_SESSION was an array.

Always make sure you're using session_start() the right way: at the top of every page where you use sessions. The session keeps getting destroyed because the session was never created. To make it work, be sure you have set up the session start like this example:
<?php
session_start(); // Must be at the top
?>
<!DOCTYPE html>
<!-- The rest of your page -->
I hope this will help you.

Related

Destroy a specific $_SESSION [duplicate]

I'm a noob programmer so I apologize in advance for any obvious mistakes. I've spent the past week creating a product database kinda thing. I've got to the point where I can add products using a form, view all products added etc. I've been using sessions which are created via the form input data. I'm struggling to get a delete product page working; I've tried using unset to clear the variable but can't get it to work.
ADD Product page which sets the session variable:
$_SESSION['Products'][] = $_POST; //is how i set the session on the add products page.
unset $_SESSION['Products'][]; //is how i have tried to clear the session although it does not work.
Any point in the right direction will be appreciated!
You can unset session variable using:
session_unset - Frees all session variables (It is equal to using: $_SESSION = array(); for older deprecated code)
unset($_SESSION['Products']); - Unset only the Products index in the session variable. (Remember: you have to use it like a function, not as you did)
session_destroy — Destroys all data registered to a session
To know the difference between using session_unset and session_destroy, read this SO answer. That helps.
I am including this answer in case someone comes to this page for the same reason I did. I just wasted an embarrassing amount of time trying to track the problem down. I was calling:
unset($_SESSION['myVar']);
from a logout script. Then navigating to a page that required login, and the server still thought I was logged in. The problem was that the logout script was not calling:
session_start();
Unsetting a session var DOES NOT WORK unless you start the session first.
Unset is a function. Therefore you have to submit which variable has to be destroyed.
unset($var);
In your case
unset ($_SESSION["products"]);
If you need to reset whole session variable just call
session_destroy ();
If you completely want to clear the session you can use this:
session_unset();
session_destroy();
Actually both are not necessary but it does not hurt.
If you want to clear only a specific part I think you need this:
unset($_SESSION['Products']);
//or
$_SESSION['Products'] = "";
depending on what you need.
unset is a function, not an operator. Use it like unset($_SESSION['key']); to unset that session key. You can, however, use session_destroy(); as well. (Make sure to start the session with session_start(); as well)
Destroying a PHP Session
A PHP session can be destroyed by session_destroy() function. This function does not need any argument and a single call can destroy all the session variables. If you want to destroy a single session variable then you can use unset() function to unset a session variable.
Here is the example to unset a single variable
<?php unset($_SESSION['counter']); ?>
Here is the call which will destroy all the session variables
<?php session_destroy(); ?>
// set
$_SESSION['test'] = 1;
// destroy
unset($_SESSION['test']);
$_SESSION['Products'] = 1; // set
unset($_SESSION['Products']); //unset
All the answers about unset are correct, but one thing needs to be corrected. If you did not use session_start(), the unset() will never work. I recommend doing it this way:
session_start();
unset($_SESSION['productID']);

Using session variable to use info on different pages

I'm having a bit of a problem. I'm trying to set up a simple webpage with only three .php pages. I want a session variable $_SESSION['userID'] to be set when a user is logged in and I want the index page to show extra info if someone is logged in.
On index.php I want to show some info, if a user is logged in I want to show some extra info.
login.php - simple log in form.
login_exe.php - takes care of database connection and verification.
So this was my idea:
On index.php, check if session is started, if not: start.
<?php
if (!isset($_SESSION)) {
session_start();
echo "session started";
}
later on, check if $_SESSION['userID'] contains a value, if so: print a string
if($_SESSION['userID'] != null){
echo "User logged in";
}
On login_exe.php I've almost the same code:
<?php
if (!isset($_SESSION)) {
session_start();
echo "session started";
}
in verification function:
$_SESSION['userID'] = $data['userID'];
header("Location: index.php");
The problem is that a new session is started on every page. How can I fix this and only start the session once? Thanks in advance
You should just put session_start() on top of documents that use sessions. Say, if you have 5 .php files that use sessions, then put session_start() 5 times, on top of each of them.
This is because session_start() sends headers and headers must be sent before any output (for example, any echo or whitespace).
Then, you should use something like isset($_SESSION["foo"]) and not just the entire $_SESSION array, where foo is something you set previously.
If you don't want sessions at all or need to reset the entire array, just call session_destroy(), which effectively destroys the current session. Use unset($_SESSION["foo"]) when you want to get rid of a key.
Finally, you might get weird cases where you cannot read a session key you wrote. In these cases check what the path of the sessions is and whether it is writeable, or change the path:
$path = session_save_path(); // what is the path
is_writable($path); // can i write to it?
session_save_path("my/new/path"); // change the darn path;
// put -even- before session_start()!
:)
Glad I could help.
I think the PHP manuals are really good compared to ...ahm, so just read about session_start(). It says:
session_start() creates a session or resumes the current one (...)
so all you need is session_start() very early in your code. This must be executed on every request (maybe as include).
Your code checking the userId looks fine, one important hint here: you should know exactly what isset(), empty() and the like mean in PHP, so always have the comparison of comparisons at hand.
You should not ask new answers (edit: questions) in comments. Be as systematic here as you are in coding.
How to end a session:
This gives room for discussion, because there is the session cookie, which is client side, and the session data, which is server side.
I recommend:
$_SESSION = null;
Reason: this will clear all login and other associated data immediately. It leaves the cookie intact, which is normally of no concern, since all associated data is gone.
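The answers above split session teardown into server-side data and the client-side cookie, and the earlier logout report shows unset() doing nothing when session_start() was never called. This added example (not code from any of the posts; the file name and redirect target are assumptions) is a logout script that handles each part in order:

```php
<?php
// logout.php - added example; requires PHP 7.3+ for the setcookie() options array.

// Resume the existing session first. Without this, $_SESSION is not bound to
// the stored data, so clearing it changes nothing and the user stays logged in.
if (session_status() !== PHP_SESSION_ACTIVE) {
    session_start();
}

// 1. Drop every value loaded for this request (login flags, user id, ...).
$_SESSION = [];

// 2. Expire the session cookie in the browser, reusing the parameters it was
//    issued with so the browser matches and removes the right cookie.
if (ini_get('session.use_cookies')) {
    $p = session_get_cookie_params();
    setcookie(session_name(), '', [
        'expires'  => time() - 42000,
        'path'     => $p['path'],
        'domain'   => $p['domain'],
        'secure'   => $p['secure'],
        'httponly' => $p['httponly'],
        'samesite' => $p['samesite'] ?: 'Lax',
    ]);
}

// 3. Delete the server-side session record so the old ID cannot be resumed.
session_destroy();

// Redirect target is an assumption for this example.
header('Location: login.php');
exit;
```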

PHP code not running without session regeneration at the top of the file

Basically none of my scripts work without a session regeneration check at the top of the file, this is very strange because I've never had this issue before and I have no idea why it would force me to run this code. Below is my logout, then below that is what I have to put at the top of every single file that touches the sessions in order to make it work. Any ideas on what is wrong?
Logout:
require_once("../Core/Core.php");
if(!isset($_SESSION['LoggedIn']))
Core::ThrowError(13,"",1);
session_destroy();
header("Location: " . Core::$url);
Required to make it work: (Also I'm putting this on every page that the user views (so no things like login script page) )
<?
session_start();
if(!isset($_SESSION['started']))
{
session_regenerate_id();
$_SESSION['started'] = true;
}
?>
Update 1:
After adding session_start() above where I add data to variables I'm now able to put data into the session (Although the session was already started because it's started before you even view the login page) but when I call session_destroy() it returns false as if the session doesn't exist, but then I put session_start() above the session_destroy() and it works fine! This is really dumb whatever it is... Please help.
Update 2:
It appears I can only access session data if I put session_start() before trying to access it even if the session is already started.
Okay I managed to fix it, I didn't know that "To use cookie-based sessions, session_start() must be called before outputting anything to the browser." so to fix it I put session_start() in the core which is required by everything so everything would call it before trying to access the sessions.

Session Variables Not Sticking

I'm sorry guys -- after two hours of looking and commenting out and so on, I found one tiny include that was referencing a redirected domain. Somehow this threw everything else off. I'm still not sure why, but by fixing that file to the new domain I was able to fix it. Again, thanks for your help and time in replying to me!
I'm fairly familiar with sessions in PHP, yet I can't tell why these session variables are not sticking on this login system I have. When I log in, I get successfully sent to the index page, but on any pages therein I get kicked back to the login page, and also when I reload the index page. I have echoed the session variable $_SESSION['login'] on the index page to make sure its value has accurately been carried over, and it is there.
... code removed
My wild guess but usually a problem I always encounter in Apache under Linux when dealing with sessions.
Check session.save_path in php.ini. If there's a path there and doesn't exist in your system, create it e.g. session.save_path = "/var/lib/php/session". I'm guessing PHP cannot create session files and thus session won't persist across pages. Give the folder a write permission too, try 0777 (but it's not the best permission as it allows all users). HTH!
Why are you destroying the session during login? This is probably a reason.
session_start();
session_unregister('login');
session_write_close();
session_start();
session_destroy();
You probably might just call session_start() and clear 'login' session value:
<?
$ERRBG="";
$ERRMSG="";
session_start();
$_SESSION['login'] = null;
require_once("db/mysql_connect.php");
.......
Use session_start() only once in the php page, at the start
Do not use session_destroy().
If you want to remove session variable, use unset function.
In case if you want to remove all the variables use session_unset function
Use session_destroy() as the logout operation
Please do these steps:
Use session_start() at the top of the page, after <?php, just once.
Don't destroy the session.
Write var_dump($_SESSION) in your test-index, and also write it in the page that redirects to the login page when you click on it (insert die() after it)!
I think the session is started in your test-index but not in your other page.
Report the result to me!
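The causes named across these threads (output sent before session_start(), no session started on the page, a missing or unwritable session.save_path, a cookie scoped to another domain) can be checked in one place. This is an added diagnostic sketch, not code from any of the posts; the function name is hypothetical and it assumes the check runs at the top of the affected page:

```php
<?php
// Added diagnostic helper; the function name is hypothetical.
// Call it at the top of a page that "loses" its session and log the result.
function session_diagnostics(): array
{
    $findings = [];

    // session_start() has to send a cookie header; earlier output blocks that.
    if (headers_sent($file, $line)) {
        $findings[] = "Output already sent at $file:$line, so no session cookie can be set.";
    }

    if (session_status() === PHP_SESSION_DISABLED) {
        return array_merge($findings, ['Sessions are disabled in this PHP configuration.']);
    }
    if (session_status() === PHP_SESSION_NONE) {
        $findings[] = 'session_start() has not run in this request; $_SESSION is not loaded.';
    }

    // With the default "files" handler the save path must exist and be writable.
    if (ini_get('session.save_handler') === 'files') {
        // save_path may be "N;/path" or "N;MODE;/path"; the directory is the last part.
        $parts = explode(';', session_save_path() ?: sys_get_temp_dir());
        $dir   = end($parts);
        if (!is_dir($dir)) {
            $findings[] = "session.save_path '$dir' does not exist.";
        } elseif (!is_writable($dir)) {
            $findings[] = "session.save_path '$dir' is not writable by the PHP user.";
        } elseif ((fileperms($dir) & 0002) && !(fileperms($dir) & 01000)) {
            // Mode 0777 without the sticky bit lets any local user delete session files.
            $findings[] = "session.save_path '$dir' is world-writable without the sticky bit.";
        }
    }

    // A cookie scoped to another domain is never sent back to this host.
    $domain = ltrim(session_get_cookie_params()['domain'], '.');
    $host   = preg_replace('/:\d+$/', '', $_SERVER['HTTP_HOST'] ?? '');
    if ($domain !== '' && $host !== '' && $host !== $domain
        && substr($host, -strlen(".$domain")) !== ".$domain") {
        $findings[] = "Session cookie domain '$domain' does not match host '$host'.";
    }

    return $findings;
}

// Usage: error_log(implode("\n", session_diagnostics()));
```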
