I have 2 different session id's on 5 different php pages in the same directory on the same host.
I call session_start(); right after the php-tag on top of every page
I converted all the pages to utf-8 without DOM
I set all file permissions to 644
I tried clearing my browser cache
I tried clearing the sessions using the script below
session_start();
// Initialize the session.
// If you are using session_name("something"), don't forget it now!
session_unset();
// Unset all of the session variables.
$_SESSION = array();
// If it's desired to kill the session, also delete the session cookie.
// Note: This will destroy the session, and not just the session data!
if (ini_get("session.use_cookies")) {
$params = session_get_cookie_params();
setcookie(session_name(), '', time() - 42000,
$params["path"], $params["domain"],
$params["secure"], $params["httponly"]
);
}
// Finally, destroy the session.
session_destroy();
To no avail.
How do I fix this bug?
If you use unset($_SESSION); that should remove all current sessions I believe.
Then, to set a global session you just do
$_SESSION['user_id'] = "0001"
And then call it by using $_SESSION['user_id'].
Make sure, like you do in the demo above, that you have session_start(); at the top of pages you want to call session variables on.
That might not be the most up to date way, but that's how I've been doing it - just with the unset being assigned to each part of the session array instead of the whole thing.
Related
I am starting session in one api using session_start and want to end session in another api. Both API are written in different PHP files.
Can I destroy PHP session created in first API from second API? I am not able to destroy session from second API using session_destroy. I am getting error session uninitialized.
Also can I give timeout/cookie to session?
// Initialize the session.
// If you are using session_name("something"), don't forget it now!
session_start();
// Unset all of the session variables.
$_SESSION = array();
// If it's desired to kill the session, also delete the session cookie.
// Note: This will destroy the session, and not just the session data!
if (ini_get("session.use_cookies")) {
$params = session_get_cookie_params();
setcookie(session_name(), '', time() - 42000,
$params["path"], $params["domain"],
$params["secure"], $params["httponly"]
);
}
// Finally, destroy the session.
session_destroy();
Did you start the session on the second page? You have to start it before you destroy it.
session_start();
session_unset();
session_destroy();
Try that.
In our website, we have applied lots of session variables. After setting, we shall unset them to free the server resources.
Apart from unset each session one by one, would there be any function that can check a website that has session variables not being unset yet?
Thank you.
To unset a single record, use
unset($_SESSION['varname']);
To clear a full session, use
session_destroy();
A session is removed automatically, when it is not accessed for a while (configurable via php.ini). Because of this it is not required to remove orphaned session data yourself.
This can be done with session_destroy();
http://www.php.net/manual/en/function.session-destroy.php
You need session_destroy();
session_start();
// Unset all of the session variables.
$_SESSION = array();
// If it's desired to kill the session, also delete the session cookie.
// Note: This will destroy the session, and not just the session data!
if (ini_get("session.use_cookies")) {
$params = session_get_cookie_params();
setcookie(session_name(), '', time() - 42000,
$params["path"], $params["domain"],
$params["secure"], $params["httponly"]
);
}
// Finally, destroy the session.
session_destroy();
?>
Also unset the cookie created by the session!
While I'm pressing on log out link it's not exit the user from the page but when I'm refreshing manually after the clicking it really will log out.
The log out command is:
$URL = $_GET['url'];
session_unset();
redirect($URL);
When the page is redirected I see the session variables although they were deleted and
just after manual refresh it's OK.
There is no any problem in Chrome and IE.
In order to really log the user out, you need to also unset the session ID and the cookie which is used to propagate the session id to the client.
Here is a sample code from the PHP manual which does that:
<?php
// Initialize the session.
// If you are using session_name("something"), don't forget it now!
session_start();
// Unset all of the session variables.
$_SESSION = array();
// If it's desired to kill the session, also delete the session cookie.
// Note: This will destroy the session, and not just the session data!
if (ini_get("session.use_cookies")) {
$params = session_get_cookie_params();
setcookie(session_name(), '', time() - 42000,
$params["path"], $params["domain"],
$params["secure"], $params["httponly"]
);
}
// Finally, destroy the session.
session_destroy();
Is it enough to
session_start(); // Must start a session before destroying it
if (isset($_SESSION))
{
unset($_SESSION);
session_unset();
session_destroy();
}
when the user selects Log out from a menu, but does not quit his browser? I want to totally remove all existence of the session and $_SESSION
According to the manual, there's more to do:
In order to kill the session altogether, like to log the user out, the session id must also be unset. If a cookie is used to propagate the session id (default behavior), then the session cookie must be deleted. setcookie() may be used for that.
The manual link has a full working example on how to do that. Stolen from there:
<?php
// Initialize the session.
// If you are using session_name("something"), don't forget it now!
session_start();
// Unset all of the session variables.
$_SESSION = array();
// If it's desired to kill the session, also delete the session cookie.
// Note: This will destroy the session, and not just the session data!
if (ini_get("session.use_cookies")) {
$params = session_get_cookie_params();
setcookie(session_name(), '', time() - 42000,
$params["path"], $params["domain"],
$params["secure"], $params["httponly"]
);
}
// Finally, destroy the session.
session_destroy();
?>
HEY GUYS
deleting cookie is a easy thing to do in php but problem is untill i get out of my browser it still exists
setcookie("PHPSESSID", false);
setcookie("PHPSESSID","",time()-31536000);
any way to delete this cookie whithout need of closing the browser ?!
so what do u think ?!
Cookie headers are only sent as soon as the user laods a new page. So just unsetting the browser server side will not delete it on the client.
Also be aware of the domain. You should always use a fourth parameter to set a cookie for all paths on your site. If you don't do that, a cookie from a subfolder might still exists.
You can check with cookies are set using some JavaScript function or the Web Developer Toolbar for Firefox.
Properly destroy the session and set the session cookie var to expire in the past.
From the PHP.net manual on session destroy:
<?php
// Initialize the session.
// If you are using session_name("something"), don't forget it now!
session_start();
// Unset all of the session variables.
$_SESSION = array();
// If it's desired to kill the session, also delete the session cookie.
// Note: This will destroy the session, and not just the session data!
if (ini_get("session.use_cookies")) {
$params = session_get_cookie_params();
setcookie(session_name(), '', time() - 42000,
$params["path"], $params["domain"],
$params["secure"], $params["httponly"]
);
}
// Finally, destroy the session.
session_destroy();
?>