Why isn't this session destroyed? - php

I've this logout.php page that I use to logout from my PHP project.
<?php
session_start();
$conn4=mysqli_connect("localhost", "root", "", "winkcage");
$useronline=$_SESSION["unamsession"];
$queryseen="UPDATE signup SET seen='' WHERE username='$useronline'";
$queryseenrun=mysqli_query($conn4, $queryseen);
session_destroy();
session_unset();
header('Location: login.php');
?>
[Both in Firefox and Chrome]: When I click logout button, the page is redirected to login.php, but when I load the home page again in different tab (which should open only when the session is not destroyed), it loads instead of redirecting to login.php (this would be my index page).
I don't know what's wrong with this code. Does writing session_destroy() before session_unset() make any difference? How do I fix it?
[Only with Chrome, in Firefox it's okay]: When I close the Firefox, the session is automatically destroyed, which is obvious, but it's not with Chrome. Chrome isn't destroying it. How's it possible? I've checked my code thoroughly but I didn't find any code line related to cookie.
Another problem is that when I'm logged in for a few minutes (I guess 20-30), the session is automatically destroyed. Is it possible that I have written some code by mistake for this? Or is it default?

Not sure if you are using cookies or not, but I think this will solve it:
....
$queryseenrun=mysqli_query($conn4, $queryseen);
session_unset();
$_SESSION = array();
// get session parameters
$params = session_get_cookie_params();
// delete the actual cookie
setcookie(session_name(),'', time() - 42000, $params["path"], $params["domain"], $params["secure"], $params["httponly"]);
// Destroy session
session_destroy();
//redirect to the index.php
header("Location: login.php");
exit();

From http://php.net/manual/en/function.session-unset.php
Session unset simply clears the session for use but it is not destroyed, it is still on the user's computer.
Try the following:
session_start();
session_destroy();
$_SESSION = array();
header('Location: index.php');
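A fuller logout.php for the question above, as an added example that is not code from any poster on this page: it clears the session array, expires the cookie, destroys the server-side data, and replaces the interpolated UPDATE with a prepared statement. The function names `clear_seen_flag` and `end_session` and the credentials `db_user`/`db_password` are assumptions; the table, columns and session key are taken from the question.

```php
<?php
// logout.php: added example. Assumes the question's schema (table `signup`,
// columns `seen`, `username`) and session key `unamsession`.
// DB credentials below are placeholders.

function clear_seen_flag(mysqli $db, string $username): void
{
    // Prepared statement: the username is bound, never spliced into the SQL text.
    $stmt = $db->prepare("UPDATE signup SET seen = '' WHERE username = ?");
    if ($stmt === false) {
        return; // prepare failed in non-exception mode; do not block logout
    }
    $stmt->bind_param('s', $username);
    $stmt->execute();
    $stmt->close();
}

function end_session(): void
{
    // 1. Empty the array so nothing later in this request reads old data.
    $_SESSION = [];
    // 2. Expire the session cookie with the same path and domain it was set
    //    with; a mismatch leaves the browser's original cookie in place.
    if (ini_get('session.use_cookies')) {
        $p = session_get_cookie_params();
        setcookie(session_name(), '', time() - 42000,
            $p['path'], $p['domain'], $p['secure'], $p['httponly']);
    }
    // 3. Delete the server-side data stored for this session ID.
    session_destroy();
}

session_start();

if (isset($_SESSION['unamsession'])) {
    try {
        $db = mysqli_connect('localhost', 'db_user', 'db_password', 'winkcage');
        if ($db instanceof mysqli) {
            clear_seen_flag($db, $_SESSION['unamsession']);
            mysqli_close($db);
        }
    } catch (mysqli_sql_exception $e) {
        // A database failure must not leave the user logged in.
        error_log('logout: could not clear seen flag: ' . $e->getMessage());
    }
}

end_session();
header('Location: login.php');
exit; // stop here so no further code runs after the redirect header
```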

Related

How do I fix this bizarre login/session conflict which after login a user gets redirected to admin account? [duplicate]

I have read many PHP tutorials for logout scripts, and I am wondering what could be the proper way to log out from a session!
Script 1
<?php
session_start();
session_destroy();
header("location:index.php");
?>
Script 2
<?php
session_start();
session_unset();
session_destroy();
header("location:index.php");
?>
Script 3
<?php
session_start();
if (isset($_SESSION['username']))
{
unset($_SESSION['username']);
}
header("location:index.php");
?>
Is there any more effective way to do this? A session can always be created by logging back in, so should I bother about use of session_destroy() and use unset($_SESSION['variable']) instead? Which one of the above 3 scripts is more preferable?
From the session_destroy() page in the PHP manual:
<?php
// Initialize the session.
// If you are using session_name("something"), don't forget it now!
session_start();
// Unset all of the session variables.
$_SESSION = array();
// If it's desired to kill the session, also delete the session cookie.
// Note: This will destroy the session, and not just the session data!
if (ini_get("session.use_cookies")) {
$params = session_get_cookie_params();
setcookie(session_name(), '', time() - 42000,
$params["path"], $params["domain"],
$params["secure"], $params["httponly"]
);
}
// Finally, destroy the session.
session_destroy();
?>
Personally, I do the following:
session_start();
setcookie(session_name(), '', 100);
session_unset();
session_destroy();
$_SESSION = array();
That way, it kills the cookie, destroys all data stored internally, and destroys the current instance of the session information (which is ignored by session_destroy).
session_unset(); only destroys the session variables. To end the session there is another function called session_destroy(); which also destroys the session.
Update:
In order to kill the session altogether, like to log the user out, the session id must also be unset. If a cookie is used to propagate the session id (default behavior), then the session cookie must be deleted. setcookie() may be used for that.
<?php
// Initialize the session.
session_start();
// Unset all of the session variables.
unset($_SESSION['username']);
// Finally, destroy the session.
session_destroy();
// Include URL for Login page to login again.
header("Location: login.php");
exit;
?>

PHP Session not unsetting

My PHP session seems to not be unsetting. When I return to the home page after clicking logout, if I refresh the page again then it seems to log me back in.. as if the session never actually ended. The same occurs if I leave the page and re-visit it. Here is my logout.php page:
<?php
// Initialize the session.
// If you are using session_name("something"), don't forget it now!
session_start();
// Unset all of the session variables.
$_SESSION = array();
// If it's desired to kill the session, also delete the session cookie.
// Note: This will destroy the session, and not just the session data!
if (ini_get("session.use_cookies")) {
$params = session_get_cookie_params();
setcookie(session_name(), '', time() - 42000,
$params["path"], $params["domain"],
$params["secure"], $params["httponly"]
);
}
// Finally, destroy the session.
session_destroy();
header("Location: index.php");
?>
I really have no idea why it's doing this, any help would DEFINITELY be appreciated. If you need any more information I'd be happy to provide some. Thanks!
You can use below code in your logout.php
session_start();
unset($_SESSION['var_name']); // delete just the var_name session data
session_destroy(); // delete ALL session info/Data.

decision for logout in PHP

I have a website in which I set several variables like
$_SESSION["id"]
$_SESSION["email"]
$_SESSION["role"]
When user clicks on logout should I use session_destroy() or unset all the variables,
it has no special impact on my site, but considering the fact that my sessions are stored on elastic cached with Redis?
I think unless I do session_destroy() the session will not be removed from Redis (thus occupying memory).
Any help?
Use session_destroy() if you are using it as a logout link, it will get rid of all session data without really having to worry about it. Just remember you have to refresh or redirect because the variables are still set on that page after you use session_destroy
Source: Session unset, or session_destroy?
Depends on if you want to keep any other session data. I only use session_destroy() when I'm positive I want to wipe out the entire user session, otherwise I unset()
You can simply use session_destroy() function. Create a logout.php page and add the following code,
<?php
session_start(); // session_destroy() needs an active session to act on
session_destroy();
header('Location: index.php');
exit;
?>
Then call this logout.php by adding links to these page,
Logout
This will destroy your session and re-direct to your index.php page.
Unset will destroy a particular session variable like unset($_SESSION['id']); whereas session_destroy() will destroy all the session data for that user.
I found on the Internet sometimes extended session_destroy, what I use:
function sessionDestroy()
{
$params = session_get_cookie_params();
setcookie(session_name(), '', time() - 42000,
$params['path'], $params['domain'],
$params['secure'], $params['httponly']
);
session_destroy();
}

problem with removing sessions in PHP by unset_session in FireFox

When I press the log out link, it doesn't log the user out of the page, but when I refresh manually after clicking, it really does log out.
The log out command is:
$URL = $_GET['url'];
session_unset();
redirect($URL);
When the page is redirected I see the session variables although they were deleted, and
just after a manual refresh it's OK.
There is no problem in Chrome and IE.
In order to really log the user out, you need to also unset the session ID and the cookie which is used to propagate the session id to the client.
Here is a sample code from the PHP manual which does that:
<?php
// Initialize the session.
// If you are using session_name("something"), don't forget it now!
session_start();
// Unset all of the session variables.
$_SESSION = array();
// If it's desired to kill the session, also delete the session cookie.
// Note: This will destroy the session, and not just the session data!
if (ini_get("session.use_cookies")) {
$params = session_get_cookie_params();
setcookie(session_name(), '', time() - 42000,
$params["path"], $params["domain"],
$params["secure"], $params["httponly"]
);
}
// Finally, destroy the session.
session_destroy();

