<?php
$b = session_id();
if(empty($b)) session_start();
$ses= session_id();
echo $ses;
?>
This code is for generating the session id
But when I destroy the session, the session id shown is the same as the old one. When I delete the cookie, it changes. How do I change the session id?
Changing the session_id() can be done by session_regenerate_id()
<?php
session_start();
$old_sessionid = session_id();
session_regenerate_id();
$new_sessionid = session_id();
echo "Old Session: $old_sessionid<br />";
echo "New Session: $new_sessionid<br />";
print_r($_SESSION);
?>
To delete the session use session_destroy();
session_destroy();
$_SESSION = array(); // Clears the $_SESSION variable
http://php.net/manual/en/function.session-destroy.php
May I suggest
// deletes old session
session_regenerate_id(true);
Link to PHP docs
I have a simple login system where there are 2 types of user (role: 0, 1). If the user's role is 0, the user is redirected to search.php; otherwise the role is 1 and the user is redirected to overview.php.
if ($role == 0){
session_regenerate_id();
$_SESSION['loggedin'] = TRUE;
$_SESSION['name'] = $_POST['email'];
$_SESSION['id'] = $id;
header('Location: search.php');
} elseif ($role == 1) {
session_regenerate_id();
$_SESSION['loggedin'] = TRUE;
$_SESSION['user'] = $name;
$_SESSION['name'] = $_POST['email'];
$_SESSION['id'] = $id;
header('Location: overview.php');
}
I am able to log out and destroy the session, but if both users are logged in and one user logs out, it ends the session for both users.
Here is my logout.php:
<?php
// Initialize the session
session_start();
// Destroy the session.
session_destroy();
header('Location: login.php');
exit;
?>
Then I found this solution source. I was not sure how to get to_destroy_id ($des) so I set it to current session id.
Here is my updated logout.php:
<?php
$des = session_id();
// 1. commit session if it's started.
if (session_id()) {
session_commit();
}
// 2. store current session id
session_start();
$current_session_id = session_id();
session_commit();
// 3. hijack then destroy session specified.
session_id($des);
session_start();
session_destroy();
session_commit();
// 4. restore current session id. If don't restore it, your current session will refer to the session you just destroyed!
session_id($current_session_id);
session_start();
session_commit();
// Redirect to the login page:
header('Location: restTablet.php');
?>
This worked the first time, then it stopped working again. Everyone is logged out if one user logs out.
I would just like to destroy user session if they clicked logout, and other users stays logged in. Any idea how can I implement this?
UPDATE: by making the following change to logout.php I was able to keep the others logged in if one user logs out, but once the user logs out and tries to go back, the user is able to access the page again without logging in. Here is the logout.php:
<?php
$des = session_id();
// 1. commit session if it's started.
if (session_id()) {
session_commit();
}
// 2. store current session id
session_start();
$current_session_id = session_id();
session_commit();
// 3. hijack then destroy session specified.
session_id($des);
session_start();
session_destroy();
session_commit();
// Redirect to the login page:
header('Location: gabLogin.php');
?>
You can nest your $_SESSION data in a parent level.
For example you have two roles, role 1 and role 2.
Set $_SESSION like the following:
if ($role == 0){
session_regenerate_id();
$_SESSION['role_0']['loggedin'] = TRUE;
$_SESSION['role_0']['name'] = $_POST['email'];
$_SESSION['role_0']['id'] = $id;
header('Location: search.php');
} elseif ($role == 1) {
session_regenerate_id();
$_SESSION['role_1']['loggedin'] = TRUE;
$_SESSION['role_1']['user'] = $name;
$_SESSION['role_1']['name'] = $_POST['email'];
$_SESSION['role_1']['id'] = $id;
header('Location: overview.php');
}
Then when your user logs out of say role_0, unset only the parent session value for that role.
//use logic in logout form to POST proper logout for that role.
if(isset($_POST['logout_0'])){ //--> role_0 is logging out
unset($_SESSION['role_0']); //--> all child data for role_0 should be unset now.
//--> check if user is logged in as alternate role (isset avoids an undefined-index notice)
if(isset($_SESSION['role_1']['loggedin']) && $_SESSION['role_1']['loggedin'] === TRUE){
header('Location: overview.php');
exit; //--> stop the script once the redirect header is sent
}else{
//--> redirect to the page you wish them to go to when logged out
}
}
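The nested-role layout from this answer, carried through login, page guard and per-role logout, as an added example that is not code from either poster. The function names and the ROLE_PAGES map are assumptions; `session_destroy()` only ever removes the session belonging to the cookie of the browser making the request.

```php
<?php
// Added example; start_session(), login_as(), require_role(), logout_role()
// and ROLE_PAGES are hypothetical names, not part of the thread.
const ROLE_PAGES = ['role_0' => 'search.php', 'role_1' => 'overview.php'];

function start_session(): void {
    if (session_status() !== PHP_SESSION_ACTIVE) {
        ini_set('session.use_strict_mode', '1'); // reject ids PHP did not issue
        session_start();
    }
}

// Call only after the credentials have been verified.
function login_as(string $roleKey, int $id, string $email): void {
    start_session();
    session_regenerate_id(true); // new id at login, old session data deleted
    $_SESSION[$roleKey] = ['loggedin' => true, 'id' => $id, 'name' => $email];
    header('Location: ' . ROLE_PAGES[$roleKey]);
    exit;
}

// First line of search.php: $user = require_role('role_0');
function require_role(string $roleKey): array {
    start_session();
    if (empty($_SESSION[$roleKey]['loggedin'])) {
        header('Location: login.php');
        exit; // without exit the protected page would still be rendered
    }
    return $_SESSION[$roleKey];
}

// Log out one role; destroy the whole session once no role is left in it.
function logout_role(string $roleKey): void {
    start_session();
    unset($_SESSION[$roleKey]);
    $remaining = array_intersect_key($_SESSION, ROLE_PAGES);
    if ($remaining === []) {
        $_SESSION = [];
        session_destroy();
        header('Location: login.php');
    } else {
        header('Location: ' . ROLE_PAGES[array_key_first($remaining)]);
    }
    exit;
}
```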
I cannot properly unset the session id of my page unless I close the browser and reopen it. I tried to set the $_SESSION = null; and to forcefully set the cookie to a negative value setcookie('cookiename', '', time()-3600); but no results yet.
<body>
<?php
session_start();
// Unset all of the session variables.
$_SESSION = null;
setcookie('cookiename', '', time()-3600);
session_destroy();
print "SESSION has been destroyed - all session data deleted";
?>
back to home page
</body>
Replace lab5destroy.php with the code below:
<body>
<?php
ini_set('session.use_strict_mode', 1);
session_start();
// Issue a new session id, then destroy the session.
session_regenerate_id();
session_destroy();
print "SESSION has been destroyed - all session data deleted";
?>
<hr>
back to home page
</body>
session_start();
session_unset();
session_destroy();
The fix was session_name() instead of 'cookiename'
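A complete logout covering both this thread and the first question on the page (same session id after `session_destroy()`): `session_destroy()` deletes the server-side data but does not unset the session cookie, so the cookie has to be expired under the name returned by `session_name()`. This is an added example, not code from any poster; `end_session()` and the `login.php` redirect are assumptions, and the options-array form of `setcookie()` needs PHP 7.3 or later.

```php
<?php
// Added example; end_session() is a hypothetical helper, not a PHP built-in.
function end_session(): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        // Strict mode makes PHP refuse a stale id the browser still sends
        // and issue a fresh one instead of reviving the old id.
        ini_set('session.use_strict_mode', '1');
        session_start();
    }

    // 1. Drop the data held in memory for this request.
    $_SESSION = [];

    // 2. Expire the browser cookie. The name must be session_name()
    //    (PHPSESSID by default), and path/domain must match the values the
    //    cookie was set with, otherwise the browser keeps the old cookie.
    if (ini_get('session.use_cookies') && !headers_sent()) {
        $p = session_get_cookie_params();
        setcookie(session_name(), '', [
            'expires'  => time() - 42000,
            'path'     => $p['path'],
            'domain'   => $p['domain'],
            'secure'   => $p['secure'],
            'httponly' => $p['httponly'],
            'samesite' => $p['samesite'] ?: 'Lax',
        ]);
    }

    // 3. Delete the server-side session record.
    session_destroy();
}

end_session();
header('Location: login.php'); // assumed redirect target
exit;
```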
Due to cross site session management, firstly I sent session id through url. Please note I had a $username variable created. First code is just a snap of a larger code.
ini_set("session.use_cookies",0);
ini_set("session.use_trans_sid",1);
session_start();
$session_id = $username;
header("location: http://somedomain.com/receive.php?session_id=". $session_id );
Now I received it here and creating a new session I have forwarded the session variable in same site:
ini_set("session.use_cookies",0);
ini_set("session.use_trans_sid",1);
session_id($_GET['session_id']);
$some_var=session_id();
session_destroy();
session_start();
$_SESSION["var_name"] = $some_var;
//echo '<pre>' . print_r($_SESSION, TRUE) . '</pre>';
header("location: anotherfile.php");
When I uncomment the echo line above and comment out the header line, I can see the session array successfully. But when I pass it to anotherfile.php I lose the session.
session_start();
echo '<pre>' . print_r($_SESSION, TRUE) . '</pre>';
Any help on why I am unable to fetch the session in the last file?
change the second file
<?php
ini_set("session.use_cookies",0);
ini_set("session.use_trans_sid",1);
session_id($_GET['session_id']);
$some_var = session_id(); // remove session_destroy code because no session is set before.
session_start();
$_SESSION["var_name"] = $some_var;
header("location: anotherfile.php");
to this it will be fine
<?php
session_id($_GET['session_id']);
$some_var = session_id(); // remove session_destroy code because no session is set before.
session_start();
$_SESSION["var_name"] = $some_var;
header("location: anotherfile.php");
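Calling `session_id($_GET['session_id'])` lets whoever builds the link choose the session id the receiving site adopts (session fixation), and the value passed here is a plain username. The added example below, which is not code from the thread, swaps in a different technique: a short-lived HMAC-signed token carries the username and the receiving site starts its own session. `HANDOFF_KEY`, `HANDOFF_TTL`, the `token` parameter and the function names are assumptions.

```php
<?php
// Added example. HANDOFF_KEY and both function names are assumptions;
// the two sites must share the key out of band.
const HANDOFF_KEY = 'REPLACE_WITH_RANDOM_SECRET'; // placeholder
const HANDOFF_TTL = 60; // seconds a token stays valid

function b64url(string $bin): string {
    return rtrim(strtr(base64_encode($bin), '+/', '-_'), '=');
}

// Sending site: token for the redirect URL, in the form "payload.signature".
function make_handoff_token(string $username): string {
    $payload = b64url(json_encode(['u' => $username, 'exp' => time() + HANDOFF_TTL]));
    return $payload . '.' . b64url(hash_hmac('sha256', $payload, HANDOFF_KEY, true));
}

// Receiving site: the username, or null when the token is forged or expired.
function verify_handoff_token(string $token): ?string {
    $parts = explode('.', $token);
    if (count($parts) !== 2) {
        return null;
    }
    [$payload, $sig] = $parts;
    $expected = b64url(hash_hmac('sha256', $payload, HANDOFF_KEY, true));
    if (!hash_equals($expected, $sig)) { // constant-time comparison
        return null;
    }
    $data = json_decode(base64_decode(strtr($payload, '-_', '+/')), true);
    if (!is_array($data) || !isset($data['u'], $data['exp']) || $data['exp'] < time()) {
        return null;
    }
    return (string) $data['u'];
}

// receive.php on the receiving site; the sender redirects to receive.php?token=...
$token = $_GET['token'] ?? '';
$user = is_string($token) ? verify_handoff_token($token) : null;
if ($user === null) {
    http_response_code(403);
    exit;
}
ini_set('session.use_strict_mode', '1');
session_start();              // PHP issues the id; nothing from the URL is adopted
session_regenerate_id(true);  // fresh id at the moment identity is established
$_SESSION['var_name'] = $user;
header('Location: anotherfile.php');
exit;
```

The token can be replayed until it expires, so the lifetime is kept short; the session itself travels in the cookie, which is why anotherfile.php sees it after the redirect.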
I have the same problem as this guy: Destroy session, but keep one variable set (solved)
I'm trying to destroy / unset all sessions except one session named 'id' when a user logs out.
I don't want to unset each session manually because I have many sessions.
This is my logout.php
<?php
session_start();
foreach($_SESSION as $key=>$value) {
if($key !== "id") {
unset($_SESSION[$key]);
}
}
header("Location: login.php");
exit;
?>
This code currently unsets all sessions and does not keep the session named ID.
What am I missing?
You can reassign $_SESSION['id'] instead of deleting all of the others.
A little trick :)
<?php
session_start();
$tmp = $_SESSION['id'];
session_unset();
$_SESSION['id'] = $tmp;
header("Location: login.php");
exit;
?>
You can also do something like this:
session_start(); // the session must be started before $_SESSION can be read
$keep_alive = $_SESSION['id'];
Destroy all sessions:
session_destroy();
Set session again:
session_start();
$_SESSION['id'] = $keep_alive;
I have a session:
session_start();
$_SESSION['auth'] = "true";
and the PHPSESSID cookie is set. However, when I refresh the page $_SESSION['auth'] returns NULL. Additionally, when I call session_destroy(); I receive the error Trying to destroy uninitialized session
How can I keep the session open?
Thanks!
Give this a try.. if this works I'd re examine your code + comment out session_destroy...
page1.php
<?php
session_start();
$_SESSION['auth'] = "true";
$_SESSION['superhero'] = "batman";
?>
Click here
page2.php
<?php
session_start(); // start the session before using it
echo $_SESSION['auth']; // will output 'true'
//print_r($_SESSION); // uncomment for testing
?>