PHP Destroy session on isset - php

I am trying to destroy a session when a session is selected but it is not being destroyed:
if (isset($_POST['primary_cat'])) {
$_SESSION['primary_cat'] = $_POST['primary_cat'];
unset($_SESSION['secondary_cat']);
}elseif(empty($_SESSION['primary_cat'])) {//define primary_cat
$_SESSION['primary_cat'] = null;
}
When I change $_POST['primary_cat'] this is changed but $_SESSION['secondary_cat'] is not being destroyed. How can I destroy $_SESSION['secondary_cat']

This is how I completely destroy the one and only session I have:
session_start();
$_SESSION = array();
if (isset($_COOKIE[session_name()])) {
$params = session_get_cookie_params();
setcookie(session_name(), '', time() - 42000, $params["path"],$params["domain"], $params["secure"], $params["httponly"]);
echo " Zerstöre Cookie... ";
}
#session_unset();
#session_destroy();
Maybe it helps you to adapt your code for your specific session.

if (isset($_POST['primary_cat'])) {
$_SESSION['primary_cat'] = $_POST['primary_cat'];
unset($_SESSION['secondary_cat']);
} elseif (empty($_SESSION['primary_cat'])) {//define primary_cat
$_SESSION['primary_cat'] = null;
}
You should try these instead:
if (isset($_POST['primary_cat'])) {
session_destroy();
$_SESSION['primary_cat'] = $_POST['primary_cat'];
} else if (!$_SESSION['primary_cat']) {
//your business
}
An explanation to that is on clicking or selecting
"primary_cat"
it should run that block of code else it won't run that code and if it does, you the
session_destroy();
Destroys active session and the below creates a new session due your specifications.

Your code seems ok, problem might be from your browser.
make sure session is started. if it's still not destroyed, then close your browser and restart apache.
But also make sure you are not setting $_SESSION['secondary_cat'] somewhere else your code.
To be sure, do the following after unsetting $_SESSION['secondary_cat']
if(isset($_SESSION['secondary_cat'])){
echo '<script type="text/javascript">alert("the session still has value : '.$_SESSION['secondary_cat'].'");</script>';
}
else
echo '<script type="text/javascript">alert("session has been unset");</script>';
The above will display a javascript alert showing "the session still has value : thevalue" if the session was not unset or "session has been unset" if it really has been unset
hope this helps

try this...
if(isset($_SESSION['secondary_cat'])&&!empty($_SESSION['secondary_cat'])){
unset($_SESSION['secondary_cat']);
}

Related

Intermittent behavior of login to memberpage, session/redirect fails in wordpress / PHP

I have done a memberpage using an external interface to check if the user is allowed to login to the memberpage. The code looks like this
<?php
require (__DIR__ .'/Permission/checkUser.php');
if (isset($_POST['submit'])){
session_start();
$errors = array();
if (empty ($_POST ['user']) ||
empty ($_POST ['password'])) {
$errors[] = 'Användarnamn och passord får inte vara tomt';
}
$checkuser = new checkUser();
if ($checkuser->checkUser($_POST ['user'], $_POST ['password']) == false){
$errors[] = 'Kontrollera user och lösenord';
}
if (count($errors) == 0) {
$_SESSION['userid'] = md5(microtime());
$_SESSION['start'] = time();
wp_redirect( get_permalink( 18341 ) );
die;
}
}
?>
If a succesful result from the SOAP call is returned the user are redirected to memberpage. The code fore memberpage are as following
<?php
require_once 'sessioncheck.php';
get_header();
$container = get_theme_mod( 'understrap_container_type' );
?>
After performing the check the HTML are presenting the memberpage content.
The sessioncheck.php has the following code:
<?php
session_start();
if (!isset($_SESSION['userid'])){
//session does not exist send back to loginpage
header('Location: memberLogin');
}
if (isset($_SESSION['start']) && (time() - $_SESSION['start'] > 1800)) {
// last request was more than 30 minutes ago
session_unset(); // unset $_SESSION variable for the run-time
session_destroy(); // destroy session data in storage
header('Location: memberLogin');
}
?>
It is suppose to unset and destroy the session if 30 minutes has passed.
My problem is that sometimes, often after a session has expired the redirect in the first code does not work. Its actually not even trying to load the memberpage. I first thought I had some problems with the session variables but now I think there might be some garbage from the session that causes this problem. It semse to be intermittent but I have asked other to test the page (using the right cred) and they always semse to be able to login on there first attempt to fail later on.
What am I doing wrong? Using PHP 7.4 with the latest WP core.
EDIT:
Added the following code to clean up sessions and cookie
$_SESSION = array();
if (ini_get("session.use_cookies")) {
$params = session_get_cookie_params();
setcookie(session_name(), '', time() - 42000,
$params["path"], $params["domain"],
$params["secure"], $params["httponly"]
);
}
// Finally, destroy the session.
session_destroy();
Now everything works fine when I am logged in as an adminuser in wordpress. However, as soon as I log out it stops working. However, the session is saved and if I log in again at WP, then I am able to enter the memberpage without doing the login procedure. I updated the page in WP (memberpage) and it worked again. This is all confusing me right now... :(
Solved, clearing Session cookie and purged cache solved the issue. Needed exclude memberpage from cache. Didnt work with LiteSpeed cache

sessions value still showing on some pages after deleting the session

My sessions still shows values of sessions that are deleted on some pages. My header has the session start on every page.
<?php session_start(); ?>
I unset my session with:
$key_to_remove = $_POST['key'];
if (count($_SESSION["Carray"]) <= 1) {
unset($_SESSION["Carray"]);
} else {
unset($_SESSION["Carray"]["$key_to_remove"]);
sort($_SESSION["Carray"]);
}
Try This I use this kind of code for destroy session and it's working.
<?php
session_start();
$_SESSION = array();
session_destroy();
if(isset($_SESSION['key']))
{
unset($_SESSION['carry']);
}?>

PHPSESSID won't die

I'm trying to make a simple logout script for my site, but for some reason, I can't kill this cookie. I was able to kill another cookie which I named "fontCookie" but this default-named one won't go away. What could be causing this issue? This is what I have, and I repeat, fontCookie is being destroyed:
<?php
session_start();
if(isset($_SESSION["loggedin"])){
$_SESSION = array();
if(isset($_COOKIE['fontCookie'])){
setcookie('fontCookie', '', time() -42000);
}
if ( isset( $_COOKIE[session_name()] ) ){
setcookie( session_name(), '', time()-42000);
}
session_destroy();
header('Location: http://google.com');
}
else{
header('Location: http://google.com');
}
?>
It seems you need to call session_name() before session_start()
The session name is reset to the default value stored in session.name
at request startup time. Thus, you need to call session_name() for
every request (and before session_start() or session_register() are
called). refer here
Try deleting cookie like this.
setcookie('fontCookie', '', time() -42000);
$_COOKIE["fontCookie"] = null;
unset($_COOKIE["fontCookie"] );

Php sessions being lost

I do the following to set my session, this works because the echo appears. but when I go to the next page or another the session is not there? what am I doing wrong?
$session_start();
if ($username==$dbusername&&$password==$dbpassword)
{
echo"<b>Login Successful</b><br><a href='systemadmin.html'><br>Click here to access the <strong>System Admin Page</strong></a>";
$_session['username']=$dbusername;
if($username == "admin")
{
$_session['admin'] = true;
}
I am trying to get the following to work with these sessions:
<?php
session_start();
if($_session['admin'] == true)
{
// do nothing
}else{
header( 'Location: home.html' ) ;
}
?>
Update:
the uppercase sessions work but now the sessions arent destroying when i use the logout.php
<?php
session_start();
session_destroy();
header("location: home.html");
?>
$_session should be => $_SESSION.
http://php.net/manual/en/reserved.variables.session.php
The first works because you are setting a 'normal' variable (which is available for the request).
UPDATE
To destroy the session:
<?php
// Initialize the session.
// If you are using session_name("something"), don't forget it now!
session_start();
// Unset all of the session variables.
$_SESSION = array();
// If it's desired to kill the session, also delete the session cookie.
// Note: This will destroy the session, and not just the session data!
if (ini_get("session.use_cookies")) {
$params = session_get_cookie_params();
setcookie(session_name(), '', time() - 42000,
$params["path"], $params["domain"],
$params["secure"], $params["httponly"]
);
}
// Finally, destroy the session.
session_destroy();
?>
http://php.net/manual/en/function.session-destroy.php#example-4368
Additionaly you should always use exit(); after you do a redirect to prevent further execution of the script.
PHP Server/Session/Global variables are case sensitive. To PHP, $_SESSION is NOT the same variable as $_session, even though to you in English, they seem to be. You must use $_SESSION, not $_session in order to access the PHP Session variables as you are expecting.
You have to use exit(); after the header(); because the script doesn't always end right after the user redirects to a new page.
The name of the superglobal is $_SESSION in uppercase letters. Try changing that and see if it helps.

a log-out hyperlink in PHP?

In case somebody knows, how can I make a hyperlink in PHP...
<?php
echo( 'Log-out' );
?>
that would not only to navigate to the first page, but also remove cookies?
Thanks!
You can make another page which clears all the cookies (i.e. sets them to expire in the past) and then redirects to index.php:
// page: clear.php
<?php
session_start();
$_SESSION = array();
session_destroy();
setcookie('cookie1', '', strtotime('-2 days'));
setcookie('cookie2', '', strtotime('-2 days'));
// etc.
header('Location: index.php');
exit();
I usually use the method prescribed by the manual:
<?php
// Initialize the session.
// If you are using session_name("something"), don't forget it now!
session_start();
// Unset all of the session variables.
$_SESSION = array();
// If it's desired to kill the session, also delete the session cookie.
// Note: This will destroy the session, and not just the session data!
if (ini_get("session.use_cookies")) {
$params = session_get_cookie_params();
setcookie(session_name(), '', time() - 42000,
$params["path"], $params["domain"],
$params["secure"], $params["httponly"]
);
}
// Finally, destroy the session.
session_destroy();
?>
The only thing that remains is header('Location: index.php');
Submit a parameter in your link like index.php?logout=true, check for that parameter in your index.php and if set, delete cookies:
http://php.net/manual/de/function.setcookie.php
If you set the "lifetime" (expire) of a cookie to something in the past (or leave it out completely), it will be removed on the next pageload (do a Google search for "php delete cookie" to find help). Force a page reload, if needed.
You may also want to destroy the user's session.
Here's your HTML link
Log-out
And your PHP to handle to logging out
if(isset($_GET['logout'])) {
// clear the session variable, display logged out message
}
Use link like that:
<?php
echo( 'Log-out' );
?>
And index.php is:
<?php
$link = $_GET["link"];
if($link == "logout")
{
session_destroy();
}
?>
In the navigation menu:
Log out
In logout.php:
<?php
// kill the session
header('Location: index.php');
exit();
For killing the session, see the example at session_destroy() in the PHP manual.
Logout Link:
Log Out
logout.php
<?php
session_start();
session_destroy();
?>

Categories