There are two login pages and if one page is logged out other also automatically getting logged out how to change that?
adminlogout.php
<?php
session_start();
unset($_SESSION['ADMIN_UNAME']);
session_destroy();
header("location: adminlogin.php?logout=true");
?>
logout.php
<?php
session_start();
unset($_SESSION['SESS_MEMBER_ID']);
session_destroy();
header("location: login.php");
?>
Please remove session_destroy() function. session_destroy() delete complete session information for request with sessionid from the server. Hence both scripts logouts.
adminlogout.php
<?php
session_start();
unset($_SESSION['ADMIN_UNAME']);
header("location: adminlogin.php?logout=true");
?>
logout.php
<?php
session_start();
unset($_SESSION['SESS_MEMBER_ID']);
header("location: login.php");
?>
When you use session_destroy(); you completely remove everything the server knows about your current session. Note a session survives while the current browser instance is open, if you destroy the session you destroy all the session globals.
If you want to logout of just the admin or a normal user you should just change a session variable to reflect that.
As the others already pointed out, the problem is the call of session_destroy() as this destroy the whole session.
But I'd like to add that you should maybe consider using a multidimensional array in your session for different purposes or, what is even better, use different sessions as they are in completely different areas (e.g. the admin session should definitely not be shared with a normal user session, using HTTPS cookies, etc.).
unset the session variable or make the session variable as empty in logout.php
adminlogout.php
<?php
session_start();
$_SESSION['ADMIN_UNAME']='';
header("location: adminlogin.php?logout=true");
?>
logout.php
<?php
session_start();
$_SESSION['SESS_MEMBER_ID']='';
header("Location:login.php");
?>
Related
I want to redirect a page after 10 minutes and clear the session values.
I achieved this using the code.Any page in my website will get redirect after 10 minutes
<META HTTP-EQUIV="refresh" CONTENT="600;URL=logout.php?timeout">
In my logout.php page I have the code for clearing session values and redirect to index.php page.But now I get only redirect to index.php page and session value is not destroy.
<?php
session_start();
// remove all session variables
session_unset();
// destroy the session
session_destroy();
echo ("<SCRIPT LANGUAGE='JavaScript'>
window.location.href='index.php';
</SCRIPT>");
?>
You can try this by using refresh header the in php
like
<?php
/*in this refresh is in second you can define it as your requirement*/
$sec=6000;
header( "Refresh:$sec; url=http://www.example.com/page2.php", true, 303);
?>
Your code seems correct and it should work. You can add the line
$_SESSION = array();
somewhere between session_start() and session_destroy() just to be sure the session variables are wiped. It shouldn't be needed, this is what session_destroy() is supposed to do.
If it still doesn't work then use print_r($_SESSION) to be sure the session is properly set in logout.php.
I was wondering that why my session always losing unexpectedly. My website almost depends on session, if session lose, it will redirect to login page.
Here is my code*
<?php
session_start();
if(!isset($_SESSION['login'])){
session_destroy();
header("Location:login.php");
exit();
}
include_once("action.php");
?>
How to fix it?? Thank in advance
I am assuming you lose your session when navigating between pages.
You need to include session_start(); on every single page that the user navigates to in order to continue their session.
I'm running two different php applications/sessions at the same time (on the same page), which I need to close/kill upon user logout and then redirect a user to a login page. Would this be the right way of doing it? Thanks.
<?php
session_name('loginsystem');
session_name('chatsystem');
session_start();
$_SESSION = array();
session_unset();
session_destroy();
header("Location:http://localhost:8888/vtracker2/index.php");
exit();
?>
you are nearly done, just do this
<?php
session_start();
session_destroy();
header("Location:http://localhost:8888/vtracker2/index.php");
exit();
?>
session_destroy() function unset all the session which are active.
I have 3 login forms in my page, clicking logout is destroying all the sessions and logging them all out.
I know that session_destroy() destroys all the data associated with the current session but could i give it a parameter or is there any way to specify which session to destroy?
I have tried using unset without the session_destroy but it won't logout the user
Code edited:
<?php
if(isset($_GET['auth'])){
if($_GET['auth']=='parent'){
session_name('parent');
session_start();
if(isset($_SESSION['parent']))
unset($_SESSION['parent']);
session_destroy();
}}
if(isset($_GET['auth'])){
if($_GET['auth']=='employee'){
session_name('employee');
session_start();
if(isset($_SESSION['employee']))
unset($_SESSION['employee']);
session_destroy();
}}
if(isset($_GET['auth'])){
if($_GET['auth']=='student'){
session_name('student');
session_start();
if(isset($_SESSION['student']))
unset($_SESSION['student']);
session_destroy();
}}
header("Location: login.php");
?>
I have added session_name to get different sessions, i am able to destroy the session but i can't have multiple sessions in the same page!
Please use session_start(); once at the top of the page.
After successful login, please check all the sessions that is set, for example in your case.
$_SESSION['parent'];
$_SESSION['employee'];
$_SESSION['student'];
session_name(''); will override the previous session's name, so you don't have to use session_name here.
If you check there is a value for specific session or the session name is exist
unset($_SESSION('your_session_key'));
Hope it will work.
Thanks
I created a log out page and calling it through a href link but it not working the session was not destroying. Help me, the code n link are below.
logout.php
<?php
session_start();
session_unset();
session_destroy();
header("location:index.php");
?>
Make sure the file is on same server.
Write this code on the very top of everything else.
Additionally use this code
session_unset();
session_write_close();
session_destroy only destroys session on server end not the cookies, make sure you are not using cookies, if yes then see below code
To Set cookie
setcookie("cookieName", $value, time()+3600);
To Unset Cookie
setcookie("cookieName", $value, time()-36000);
More details about session: PHP: session_destroy - Manual
You probably need to regenerate the session ID:
session_regenerate_id();