My sessions still shows values of sessions that are deleted on some pages. My header has the session start on every page.
<?php session_start(); ?>
I unset my session with:
$key_to_remove = $_POST['key'];
if (count($_SESSION["Carray"]) <= 1) {
unset($_SESSION["Carray"]);
} else {
unset($_SESSION["Carray"]["$key_to_remove"]);
sort($_SESSION["Carray"]);
}
Try This I use this kind of code for destroy session and it's working.
<?php
session_start();
$_SESSION = array();
session_destroy();
if(isset($_SESSION['key']))
{
unset($_SESSION['carry']);
}?>
Related
I have a profile page in my website that welcomes the user with his/her name using session variable. After I unset this variable, the page can still access that name. I cannot properly erase the data.
I've tried to set it to null, session_unset and session_destroy
<?php #session_start(); ob_start(); ?>
//Some HTML code here
<?php
if( isset($_SESSION["user"]) && $_SESSION["login"]) {
echo '<div><p>welcome ' .$_SESSION["user"]. '!</p></div>';
echo
"<form action='' method='post'>
<input type='submit' name='use_button' value='Log out' />
</form>";
if(isset($_POST['use_button'])) {
$_SESSION["login"] = false;
unset($_SESSION["user"]);
session_unset();
echo "logout successful.";
echo '<script>window.location.href = "same-page.php";</script>';
}
}
else
echo 'no login data.';
?>
//Some HTML code here
<?php ob_end_flush(); ?>
I expected that after the redirect, the first if condition would not be satisfied and it gives the output 'no login data' but it still can access the session variables.
External php file:
<?php
session_start();
$_SESSION["user"] = '' ;
$_SESSION["login"] = false ;
echo '<script>window.location.href = "../profile.php";</script>';
?>
I think you can do this by destroying the session by using session_destroy() Method.
session_destroy() destroys all of the data associated with the current session. It does not unset any of the global variables associated with the session, or unset the session cookie. To use the session variables again, session_start() has to be called.
You can more about it from session_destroy()
here you are doing session destroy but you also need to do unset that particular variable from sessions array just like below before destroying session.
unset($_SESSION['user']);
Put this line immediately after your redirect line
echo '<script>window.location.href = "same-page.php";</script>'; // redirect
exit; // close current php script after redirect
I know this question has many duplicates, but I tried several of them and none of those have been answered.
Here is my code for logout.php:
<?php
session_start();
require './codefiles/dbhelper.php';
$dbh = new DbHelper();
$dbh->Execute('UPDATE surveyors SET LoggedIn=\'0\', SessionID=\'\' WHERE Username=\''.$_SESSION['username'].'\'');
session_unset();
session_abort();
session_destroy();
$_SESSION = array();
unset($_SESSION['username']);
unset($dbh);
header('location:index.php');
?>
But the session variables are just too "stubborn" to be removed. Neither session values are being cleared not the session variables are being removed. Object $dbh is being unset but not $_SESSION['username'];
Another unrelated problem, despite I am setting the LoggedIn = 0, in my SQL query, it just stays as 1 in database. LoggedIn field is of type 'bit'. SessionID field is set to blank though.
Any solutions please?
EDIT:
Removed echo $dbh->error as it was unnecessary.
EDIT 2:
Added session_destroy() as suggested by Hossam Magdy.
<?php
include 'codefiles/dbhelper.php';
if(!isset($_SESSION['id']))
{
header ("Location: login_form.php");
}
else
{
session_destroy();
die('You have been logged out.<meta http-equiv="refresh" content="0;url=login_form.php">');
}
?>
This is basically the "Logout" structure.
I don't know why, but the code for destroying the sessions was somehow not working in logout.php. It worked in index.php and other files, but will all sorts of unpredictable behavior.
Found a workaround to circumvent the problem. The logout.php has code as below:
<?php
session_start();
$_SESSION['logout'] = TRUE;
header('location:index.php');
?>
And add this code to index.php:
# Implement logout functionality
<?php
session_start();
if(isset($_SESSION['logout']) && $_SESSION['logout'] == TRUE){
foreach($_SESSION as $var => $value){
unset($_SESSION[$var]);
}
session_destroy();
session_unset();
}
?>
It may not be a standardized solution, but the code works for me every time, with no unpredictable behavior.
Thanks everyone for sharing their ideas.
Try this
<?php
session_start();
require './codefiles/dbhelper.php';
$dbh = new DbHelper();
$dbh->Execute('UPDATE surveyors SET LoggedIn=\'0\', SessionID=\'\' WHERE Username=\''.$_SESSION['username'].'\'');
echo session_status() . '<br />';
session_unset();
session_destroy();
echo session_status();
// header('location:index.php');
Let's see what session_status() says.
But on my projects unset && destroy work.
How to pass two value from one page to another in PHP using session.
$account=$_SESSION["account_no"];
$account1=$_SESSION["account_no"];
Session will be available through out the application (in all pages) until you destroy it.
To set a session,
<?php
session_start();
$_SESSION['variable_name_1'] = "value_1"; // or $_POST['accountno_1'];
$_SESSION['variable_name_2'] = "value_2"; // or $_POST['accountno_2'];
?>
In the other page, to get the values
<?php
session_start();
echo $_SESSION['variable_name_1'];
echo $_SESSION['variable_name_2'];
?>
FILE-1: WHERE YOU NEED TO SAVE THE ACCOUNT TO SESSION
<?php // NOTICE THAT THERE IS NO SPACE BEFORE <?php [THIS IS IMPORTANT!!!]
// FILE-NAME: file_1.php WHERE YOU HAVE TO SET THE SESSION VARIABLE
//FIRST CHECK IF SESSION EXIST BEFORE STARTING IT:
if (session_status() == PHP_SESSION_NONE || session_id() == '') {
session_start();
}
$_SESSION["account_no"] = $account;
FILE-2: WHERE YOU NEED TO GET THE ACCOUNT FROM SESSION
<?php // NOTICE THAT THERE IS NO SPACE BEFORE <?php [THIS IS IMPORTANT!!!]
// FILE-NAME: file_2.php WHERE YOU NEED TO READ THE SESSION VARIABLE
//FIRST CHECK IF SESSION EXIST BEFORE STARTING IT:
if (session_status() == PHP_SESSION_NONE || session_id() == '') {
session_start();
}
// READ THE ACCOUNT NUMBER FROM SESSION DATA...
$account = $_SESSION["account_no"];
On the first page:
session_start();
$_SESSION['value1'] = 'First value';
$_SESSION['value2'] = 'Second value';
On the second page:
session_start();
$value1 = $_SESSION['value1'];
$value2 = $_SESSION['value2'];
File:1 where data will be store Session
<?php
session_start(); //before HTML tag
$_SESSION['one'] = $account_no1;
$_SESSION['two'] = $account_no2;
?>
File2: where you like to retrieve session
<?php
session_start();
echo $_SESSION['one'];
echo $_SESSION['two'];
?>
Sessions is a global variable in PHP.
Just create two session variables as use anywhere
<?php
session_start(); // should be at top of page or before any output to browser
$_SESSION['account'] = $account;
$_SESSION['account1'] = $account1;
Now access these session variables anywhere in any page but should start session before use, like:
<?php
session_start();
echo $_SESSION['account'];
my session keeps getting unset, whenever I refresh a page, but when I made a control test it seemed to work fine.
Control(Held data):
<?php
session_start();
echo(var_dump($_SESSION));
$_SESSION['name'] = 'john doe';
?>
Top of index.php
<?php
session_start();
echo(var_dump($_SESSION));
include('utils/utils.php');
?>
Login page:
<?php
session_start();
include('utils.php');
if(isset($_POST['email']) && isset($_POST['password'])){
$email = filter($_POST['email']);
$password = getPwd(filter($_POST['password']));
if(!isset($_SESSION['email']) && !isset($_SESSION['password'])){
if(isAccount($email, $password)){
$key = genAuthKey();
$_SESSION['email'] = $email;
$_SESSION['auth_key'] = $key;
mysql_query("update `users` set `auth-key`= '$key' where `email`='$email'") or die(mysql_error());
print("ok");
}else {
print('error');
}
}else {
print('error');
logOut();
}
}else {
print('error');
}
?>
The code is getting fired, because it updated the auth-key in the table. I honestly have no idea what the issue is.
Also, the session is unset when I reload the index page.
I've got some more information. The pages can hold session data, and retain it, but once another page using session is loaded, it will unset all data.
Check if you use Unicode encoded PHP files with BOM.
PHP is not aware of the BOM. The BOM results in an output before your first <?php so PHP fails to set the related HTTP header for the session cookie.
From the docs:
To use cookie-based sessions, session_start() must be called before
outputing anything to the browser.
How it should work:
Index.php is the secured page. It includes check.php, which checks if you have a session = good. If it hasn't, you're not logged in -> log off, remove session. But it doesn't work, it always logs off, like I didn't log in...
index.php
include ‘check.php’;
echo "logged in";
check.php
session_start();
if($_SESSION[‘login’] != ‘good’) {
unset($_SESSION[‘login’]);
unset($_SESSION[‘name’]);
header(‘Location: login.php?logoff’);
exit();
}
Login.php
if(isset($_POST[‘login’])) {
$gb = array();
$gb[‘user1’] = ‘pass1’;
$gb[‘user2’] = ‘pass2’;
if(isset($gb[$_POST[‘username’]]) && $gb[$_POST[‘username’]] == $_POST[‘password’])
{
$_SESSION[‘login’] = ‘good’;
$_SESSION[‘name’] = $_POST[‘name’];
header("Location: index.php");
} else {
header("Location: login.php?wrongpass");
}
} else { ?>
Login Form
<?php } ?>
I hope someone can help me!
You should verify you started the session in login.php.
Put session_start(); in all the pages
You need to have session_start() at the top of all the pages, you havent shown the session start for your login page.
(Thanks to Danny for proving I cant type)
Check that you have register_globals is On in your php.ini
First check on the pages you want to use session variables session is start or not and if session is not stat then start it.
and this is the very first line in the php file.
Code for the session checking is :
if(!session_id())
{
session_start();
}
if($count==1){
session_start();
$_SESSION['Username'] = $UserName;
$_SESSION['Password'] = $password;
UpdateOnlineChecker($Session);
header( "Location: http://". strip_tags( $_SERVER ['HTTP_HOST'] ) ."/newHolo/" );
exit;
}
else {
echo "Wrong Username or Password";
}
Look at my code. It checks if the statement is true (for me, if there is one row with a query statement i execute). Then i start a session and basically Ill define global session variables, sned out a query to my database to update the session and then refer through.
you are missing a session_start(); in your if true block.
Use one for action document such as index.php there is code:
session_start();
if(isset($_POST['login']) && isset($_POST['password'])){
// login
header('Location: (here is some page)');
}
if(!isset($_SESSION['user']){
// #todo some action
} else {
require_once('login.php');
}
if(isset($_GET['logout'])){
unset($_SESSION['user']);
header('Location: (here is some page)');
}
I think problem is header:
('location:------.php);
Your hosting server doesn't run this.
You can use this:
echo "<script>window.location.href='-----.php'</script>";