My PHP session seems to not be unsetting. When I return to the home page after clicking logout, if I refresh the page again then it seems to log me back in.. as if the session never actually ended. The same occurs if I leave the page and re-visit it. Here is my logout.php page:
<?php
// Initialize the session.
// If you are using session_name("something"), don't forget it now!
session_start();
// Unset all of the session variables.
$_SESSION = array();
// If it's desired to kill the session, also delete the session cookie.
// Note: This will destroy the session, and not just the session data!
if (ini_get("session.use_cookies")) {
$params = session_get_cookie_params();
setcookie(session_name(), '', time() - 42000,
$params["path"], $params["domain"],
$params["secure"], $params["httponly"]
);
}
// Finally, destroy the session.
session_destroy();
header("Location: index.php");
?>
I really have no idea why it's doing this, any help would DEFINITELY be appreicated. If you need anymore information I'd be happy to provide some. Thanks!
You can use below code in your logout.php
session_start();
unset($_SESSION['var_name']); // delete just the session of va_name data
session_destroy(); // delete ALL session info/Data.
Related
I have read many php tutorials for logout scripts, i am wondering what could be the proper way to logout from a session!
Script 1
<?php
session_start();
session_destroy();
header("location:index.php");
?>
Script 2
<?php
session_start();
session_unset();
session_destroy();
header("location:index.php");
?>
Script 3
<?php
session_start();
if (isset($_SESSION['username']))
{
unset($_SESSION['username']);
}
header("location:index.php");
?>
Is there any more effective way to do this?? A session can always be created by logging back in, so should i bother about use of session_destroy() and use unset($_SESSION['variable']) instead? which one of the above 3 script is more preferable?
From the session_destroy() page in the PHP manual:
<?php
// Initialize the session.
// If you are using session_name("something"), don't forget it now!
session_start();
// Unset all of the session variables.
$_SESSION = array();
// If it's desired to kill the session, also delete the session cookie.
// Note: This will destroy the session, and not just the session data!
if (ini_get("session.use_cookies")) {
$params = session_get_cookie_params();
setcookie(session_name(), '', time() - 42000,
$params["path"], $params["domain"],
$params["secure"], $params["httponly"]
);
}
// Finally, destroy the session.
session_destroy();
?>
Personally, I do the following:
session_start();
setcookie(session_name(), '', 100);
session_unset();
session_destroy();
$_SESSION = array();
That way, it kills the cookie, destroys all data stored internally, and destroys the current instance of the session information (which is ignored by session_destroy).
Session_unset(); only destroys the session variables. To end the session there is another function called session_destroy(); which also destroys the session .
update :
In order to kill the session altogether, like to log the user out, the session id must also be unset. If a cookie is used to propagate the session id (default behavior), then the session cookie must be deleted. setcookie() may be used for that
<?php
// Initialize the session.
session_start();
// Unset all of the session variables.
unset($_SESSION['username']);
// Finally, destroy the session.
session_destroy();
// Include URL for Login page to login again.
header("Location: login.php");
exit;
?>
When I signout, I call the following to destroy the session. It works in other browsers but in Chrome, the session is still there.
session_unset();
session_destroy();
Please help if I there's a special way to do it in Chrome and other browsers.
When in doubt, check the manual:
<?php
// Initialize the session.
// If you are using session_name("something"), don't forget it now!
session_start();
// Unset all of the session variables.
$_SESSION = array();
// If it's desired to kill the session, also delete the session cookie.
// Note: This will destroy the session, and not just the session data!
if (ini_get("session.use_cookies")) {
$params = session_get_cookie_params();
setcookie(session_name(), '', time() - 42000,
$params["path"], $params["domain"],
$params["secure"], $params["httponly"]
);
}
// Finally, destroy the session.
session_destroy();
session is stored on server - it have nothing to do with browser ( in browser could be only cookie with session id or something like )
While I'm pressing on log out link it's not exit the user from the page but when I'm refreshing manually after the clicking it really will log out.
The log out command is:
$URL = $_GET['url'];
session_unset();
redirect($URL);
When the page is redirected I see the session variables although they were deleted and
just after manual refresh it's OK.
There is no any problem in Chrome and IE.
In order to really log the user out, you need to also unset the session ID and the cookie which is used to propagate the session id to the client.
Here is a sample code from the PHP manual which does that:
<?php
// Initialize the session.
// If you are using session_name("something"), don't forget it now!
session_start();
// Unset all of the session variables.
$_SESSION = array();
// If it's desired to kill the session, also delete the session cookie.
// Note: This will destroy the session, and not just the session data!
if (ini_get("session.use_cookies")) {
$params = session_get_cookie_params();
setcookie(session_name(), '', time() - 42000,
$params["path"], $params["domain"],
$params["secure"], $params["httponly"]
);
}
// Finally, destroy the session.
session_destroy();
Is it enough to
session_start(); // Must start a session before destroying it
if (isset($_SESSION))
{
unset($_SESSION);
session_unset();
session_destroy();
}
when the user selects Log out from a menu, but does not quit his browser? I want to totally remove all existence of the session and $_SESSION
According to the manual, there's more to do:
In order to kill the session altogether, like to log the user out, the session id must also be unset. If a cookie is used to propagate the session id (default behavior), then the session cookie must be deleted. setcookie() may be used for that.
The manual link has a full working example on how to do that. Stolen from there:
<?php
// Initialize the session.
// If you are using session_name("something"), don't forget it now!
session_start();
// Unset all of the session variables.
$_SESSION = array();
// If it's desired to kill the session, also delete the session cookie.
// Note: This will destroy the session, and not just the session data!
if (ini_get("session.use_cookies")) {
$params = session_get_cookie_params();
setcookie(session_name(), '', time() - 42000,
$params["path"], $params["domain"],
$params["secure"], $params["httponly"]
);
}
// Finally, destroy the session.
session_destroy();
?>
I have read many php tutorials for logout scripts, i am wondering what could be the proper way to logout from a session!
Script 1
<?php
session_start();
session_destroy();
header("location:index.php");
?>
Script 2
<?php
session_start();
session_unset();
session_destroy();
header("location:index.php");
?>
Script 3
<?php
session_start();
if (isset($_SESSION['username']))
{
unset($_SESSION['username']);
}
header("location:index.php");
?>
Is there any more effective way to do this?? A session can always be created by logging back in, so should i bother about use of session_destroy() and use unset($_SESSION['variable']) instead? which one of the above 3 script is more preferable?
From the session_destroy() page in the PHP manual:
<?php
// Initialize the session.
// If you are using session_name("something"), don't forget it now!
session_start();
// Unset all of the session variables.
$_SESSION = array();
// If it's desired to kill the session, also delete the session cookie.
// Note: This will destroy the session, and not just the session data!
if (ini_get("session.use_cookies")) {
$params = session_get_cookie_params();
setcookie(session_name(), '', time() - 42000,
$params["path"], $params["domain"],
$params["secure"], $params["httponly"]
);
}
// Finally, destroy the session.
session_destroy();
?>
Personally, I do the following:
session_start();
setcookie(session_name(), '', 100);
session_unset();
session_destroy();
$_SESSION = array();
That way, it kills the cookie, destroys all data stored internally, and destroys the current instance of the session information (which is ignored by session_destroy).
Session_unset(); only destroys the session variables. To end the session there is another function called session_destroy(); which also destroys the session .
update :
In order to kill the session altogether, like to log the user out, the session id must also be unset. If a cookie is used to propagate the session id (default behavior), then the session cookie must be deleted. setcookie() may be used for that
<?php
// Initialize the session.
session_start();
// Unset all of the session variables.
unset($_SESSION['username']);
// Finally, destroy the session.
session_destroy();
// Include URL for Login page to login again.
header("Location: login.php");
exit;
?>