I need to reset session each time the user goes back to index.php, in the index i got
<?php
session_start();
if(isset($_SESSION['prevail'])) session_unset();
?>
where $_SESSION['prevail'] is first session variable that is set on the next page. At the moment when I visit any page it resets session just like it was loading index.php before loading the page (with isn't possible cause I use permanent links to pages and they aren't sharing any header.
It also happens when I put session_destroy() in other files.
On the server the app is in directory public_html/app and in public_html is wordpress installed. App has it's own subdomain though. Any suggestion will be appreciated :)
I need to reset session each time the user goes back to index.php
i will use below code to do so:
index.php
<?php
session_start();
if(!empty($_SESSION['prevail'])) {
unset($_SESSION['prevail']); // only unset that session
}
Try this.. ;)
Related
When the user logs in, multiple session variable are created and work perfectly.
When they sign out and log in again it works.
However, when someone quits out of their browser without signing out, the next time they log in no session variables are created.
To sign out, one goes to my logout.php file. The code in my logout.php file is:
<?php
session_start();
session_destroy();
echo '<meta http-equiv="refresh" content=".000001;url=index.php">';
?>
I've tried pasting the code at the start of my index.php (where the login form is) but it doesn't work unless you go to the logout.php file.
Why is this and how do i fix it?
There are some possible situations:
First and main reason:
If you have already started session_start(), server may be dump error, while you trying to create new, if your errors are off, you can't see them.
Second: You do check before session destroy.
You are destroying the session before you are making sure that no session variables remain.
I would delete all of the session variables first before you destroy it, to be safe, because sometimes some get left behind. You can do this like so
if (isset($_SESSION['/*whatever session variables you are using*/'])) {
$_SESSION = array();
session_destroy();
}
Also if you are using any cookies for any reason (though this may not be the case), you need to make sure those are also deleted. something like this:
if (isset($_COOKIE[session_name()])) {
setcookie(session_name(),'',time() - 3600);
}
My tmp directory is not accessible by php.Hence, sessions can't really work(And they don't)
but in this case, they do for some unknown reason.
Here's the scenario,
I have a page index.php which verifies a users credentials and sets session variables and redirects the user to panel.php
if($verified)
{
$_SESSION['unid']=$unid;
$wel="Welcome :";
$_SESSION['una']=$user;
$_SESSION['level']=$lev;
$_SESSION['pas']=$pass;
$_SESSION['wel']=$wel;
header("location:panel.php");
}
On the panel.php I have the code,
<?php
ob_start();
if(session_id()==''){
session_start();
}
if($_SESSION['una'] == "")
{
header("location:index.php");
}
When i login through index.php, Though the sessions data cannot be read, panel.php opens like it would normally with sessions
On refreshing the page, the sessions are gone and page redirects!
Any explanation for this behavior?
PHP V5.3.10
You always need to call session_start() at the start of your page. It doesn't actually start a new session, but rather initializes the session, including the loading of session variables. It's usually the first thing you do, and usually not only under conditions like in your current panel.php.
I had a login system set up that stored a session variable and checked it on each page, but then I moved to a new server.
Now any session variable I set is only available on the page it was set on. I've been searching for reasons why this could happen, and already crossed off permissions issues. Is it possible this has to do with incorrect urls? Everything else on the server appears to be working fine.
I'm running the latest version of PHP and Apache if that helps at all.
Because you probably (just assumption) have not got session_start(); throughout your other pages where required. So for example, create a page called session.php
Session.php
session_start();
if (!isset($_SESSION))
{
// Enforce logout as session is not set.
}
then:
include "session.php";
use this snippet through out your pages where your login features are required.
I've run into issues like this before. You might try setting a session id when you first start the session using session_id(), and then use the same session id before each session_start().
For example:
<?php
session_id(integer);
session_start();
?>
I have a web app I am developing for a school project, I am having issues with the logout page. When a user clicks logout it will send them to a logout.php which just looks like this:
<?php include ("includes/check_authorization.php");
// Unset the session and destroy it
session_unset();
session_destroy();
// Redirect to the home page
echo '<META HTTP-EQUIV="Refresh" Content="0; URL=index.php">';
exit;
?>
It is very simple, but it will unset, then destroy the session, and redirect to the index, which is the login page. However when this is run the index immedietley redirects to a user homepage. The check_authorization page included at the top will redirect someone to login if the username and id are not set and matching in the $_SESSION, so this means that it is setting these for me? I am really confused as to how this is happening. I am using CAS for authentication.
EDIT: the check_authorization.php also initializes the session as well as checking those key values
For like this situation I did as follows, this is working for me all the browsers,
#session_unset();
$old_sessid = #session_id();
#session_regenerate_id();
$new_sessid = session_id();
#session_id($old_sessid);
#session_destroy();
Rather than just unsetting the data, try assigning a dummy value to the session, like:
$_SESSION['authKey'] = '!!INVALID!!';
session_unset();
session_destroy();
Even if the session 'revives', the authentication can't possibly succeed anymore because of the "fake" data.
There are some possibilities :
The most simple possibility : did you include the
session_start();
on top the file? before you include a file? I've been there before, and it pissed me off.
The second possibility : try to put
session_regenerate_id();
on the very top of your file (before you declare session_start();). Because in some Server Hosting, their configuration still using "LINUX" style that i can't explain to you here. But, the point is they always using "cache" when you redirect. In other words, you always redirect into your "cached" page when you rediret to another page. See.. it's hard to explain for you here. But just try the session_regenerate_id(); code, maybe it would work.
I never use the "echo" things in doing redirect things. Try :
header("location:index.php");
i don't know if this working or not. I just simply giving you my analysis based of my assumptions.
Hope these helpful. :)
I'm making a login page and for some reason the session will not persist between where I set it and the page where I am forwarding to. I can comment out the header in the page where the session was initialized and see that the session has the data in it. However, when I do a print_r in the target page, the session is empty.
I have already made sure that session_start is called. There is only one domain for this site and my browser is set to accept cookies. I can forward to any other page and see the session data but just not this one.
Is there something that someone can offer to help in debugging this?
$_SESSION['auth'] = $auth;
header( "Location: /" ); // commenting this out shows the data is in fact there
I want to protect the index page so I test to see if session['auth'] is set. If not, I forward over to /user/login which allows the user to login. If successful then we forward back over to the index page where it should pass the isset session test. It fails though and there is no session data.
set.php:
session_start();
$_SESSION['auth'] = true;
header('Location: /');
index.php:
session_start();
var_dump($_SESSION);
Create these 2 files and request set.php. What do you see?
If you set a session variable, then do a header redirect, you need to add session_write_close() before the redirect or you will lose your sesson modification.
Something that I've ran in to quite a bit is accidentally redirecting from a page with 'www.' in the URL to a page without. I'm not exactly sure why it happens but for some reason the session between a site is different with and without the 'www.'.