Took me a while to tackle this problem to it's exact cause, but here's what seems to be happening:
I have a session. I want to completely kill my current session and start from scratch, with a brand new session, that has a blank slate.
So this is what I do:
public function unregister_session()
{
// I COMMENTED THOSE SECTIONS THAT I WASNT SURE WHAT THEY WERE DOING, BUT PROBLEM PERSISTS.
//session_regenerate_id();
//$params = session_get_cookie_params();
// setcookie(session_name(), '', time() - 42000,
// $params["path"], $params["domain"],
// $params["secure"], $params["httponly"]);
unset($_SESSION);
$_SESSION=array();
echo '<br> destroying session. old SID:'.session_id(); //echos 'qqhu7on0n...'
session_unset();
session_destroy();
echo '<br> limbo SID:'.session_id(); //echos nothing.
session_start();
echo '<br> new SID:'.session_id(); //echos 'qqhu7on0n...'
}
Alright so what i think should happen is that I have a new session. And well it kind of works, because everything about the previous session seems to be forgotten, at least if I look at $_SESSION.
BUT whenever I echo the session_id it still gives me the old session ID! When I write any values into $_SESSION they are not carried over to the next page, instead on the next page $_SESSION is empty!
EDIT: i echo the session_id() on multiple places on my script (going from top to bottom) i get always the same session_id displayed. going into google developer tools looking at my cookies, i see a different id for PHPSESSID. i see the exact id which i will see when i'm trying to echo session_id() on the next page...
Why is this happening and what am I doing wrong?
How can I get session_id() to show me the NEW session id, not the old one?
How can I write values into the NEW $_SESSION variable, so that they are actually carried over to the next page?
EDIT - THE SOLUTION
public function unregister_session()
{
// DUNNO IF THE COMMENTED SECTIONS MAKE A DIFFERENCE
//$params = session_get_cookie_params();
// setcookie(session_name(), '', time() - 42000,
// $params["path"], $params["domain"],
// $params["secure"], $params["httponly"]);
unset($_SESSION);
$_SESSION=array();
echo '<br> destroying session. old SID:'.session_id(); //echos 'qqhu7on0n...'
session_unset();
session_destroy();
echo '<br> limbo SID:'.session_id(); //echos nothing.
session_start();
session_regenerate_id(TRUE); //THIS DOES THE TRICK! Calling it after session_start. Dunno if true makes a difference.
echo '<br> new SID:'.session_id(); //echos '7b2jn...' :-)
}
Checkout, http://php.net/manual/en/function.session-regenerate-id.php
session_regenerate_id()
Make sure you are calling session_start on whatever page is calling that function. I would also un-comment the code for destroying the cookie. That can possibly prevent weird problems with cached data.
Related
!!!! I know this has been asked a zillion times but I tried everything, it just does not work so dont discard the question please
when logging from one user to the other, sessions are not discared at all and former user data are displayed
I have to CTRL+F5 the navigator to have the correct new logged user data
I tried :
problematically I replace everything in the session variable with fresh new data from the new logged user (from DB), but some fields are still remains of the previous user...this makes no sens at all
$_SESSION = array();
unset($_SESSION["end_user_session"]);
$session=$endUser; // from DB !!!!
$session["sessionID"]=session_id();
$_SESSION["end_user_session"] = $session;
on logout , I do this and it should destroy the session values, yet they are still there:
$_SESSION = array();
session_unset();
session_destroy();
session_write_close();
setcookie(session_name(),'',0,'/');
$_SESSION = array();
this has driven me nuts for more than 2 years now
we have the issue in wamp, and on our linux preprod/prod
please help, let me know if you need more infos
You have probably tried this (it's in the PHP manual), but just in case:
<?php
// Initialize the session.
// If you are using session_name("something"), don't forget it now!
session_start();
// Unset all of the session variables.
$_SESSION = array();
// If it's desired to kill the session, also delete the session cookie.
// Note: This will destroy the session, and not just the session data!
if (ini_get("session.use_cookies")) {
$params = session_get_cookie_params();
setcookie(session_name(), '', time() - 42000,
$params["path"], $params["domain"],
$params["secure"], $params["httponly"]
);
}
// Finally, destroy the session.
session_destroy();
?>
I now stores everything in db, not using php sessions anymore
problem solved
I have 2 different session id's on 5 different php pages in the same directory on the same host.
I call session_start(); right after the php-tag on top of every page
I converted all the pages to utf-8 without DOM
I set all file permissions to 644
I tried clearing my browser cache
I tried clearing the sessions using the script below
session_start();
// Initialize the session.
// If you are using session_name("something"), don't forget it now!
session_unset();
// Unset all of the session variables.
$_SESSION = array();
// If it's desired to kill the session, also delete the session cookie.
// Note: This will destroy the session, and not just the session data!
if (ini_get("session.use_cookies")) {
$params = session_get_cookie_params();
setcookie(session_name(), '', time() - 42000,
$params["path"], $params["domain"],
$params["secure"], $params["httponly"]
);
}
// Finally, destroy the session.
session_destroy();
To no avail.
How do I fix this bug?
If you use unset($_SESSION); that should remove all current sessions I believe.
Then, to set a global session you just do
$_SESSION['user_id'] = "0001"
And then call it by using $_SESSION['user_id'].
Make sure, like you do in the demo above, that you have session_start(); at the top of pages you want to call session variables on.
That might not be the most up to date way, but that's how I've been doing it - just with the unset being assigned to each part of the session array instead of the whole thing.
How can I destroy the session after the user go to another page !?
I make a search form that give the user1 name, after this I open a session, it give me data
the problem is when I search for another user in the same page, the data that the user2 not have, it take it from user1
I want to delete the last session when I start a new search !? or when I got to another page !?
If you want to destroy the session on each page load, and start it over you need to destroy the session and then start it again. See session_destroy, this code snippet is taken from the PHP documentation. You can use register_shutdown_function to call this last
register_shutdown_function(function() {
if(session_status() === PHP_SESSION_NONE) {
session_start();
}
$_SESSION = array();
if (ini_get("session.use_cookies")) {
$params = session_get_cookie_params();
setcookie(session_name(), '', time() - 42000,
$params["path"], $params["domain"],
$params["secure"], $params["httponly"]
);
}
session_destroy();
});
There's possibility to use session_destroy() function in PHP, but this is not generally recommended, because calling session_destroy() destroys all the session data and not only those you want to be destroyed.
I am having an issue with the session variables.
I am having a simple signup php page that uses ajax calls to verify username and email address if they already exist. It also has an ajax image uploader that gives a preview of the selected image.
Now this is how I am setting the session variable :-
session_start();
session_unset();
$_SESSION = array();
if (ini_get("session.use_cookies")) {
$params = session_get_cookie_params();
setcookie(session_name(), '', time() - 42000,
$params["path"], $params["domain"],
$params["secure"], $params["httponly"]
);
}
session_destroy();
session_start();
$_SESSION['avurl'] = $filename;
$filename is valid as it is echoed in the above code just after this snippet.
In the page where I need to use this session variable I have this :-
session_start();
$av_url = $_SESSION['avurl'];
Now the weird thing is that whenever this runs the first time the session variable doesn't have any value. But the second time it works.
How I came to check this is that I created a test.php which just echos $_SESSION['avurl'] and the first time it never shows anything but the second time it does.
What I figured out from this is that once it echoes this session variable it starts working to store the value.
And all that code that I am using to set that variable is edited from just :-
session_start();
$_SESSION['avurl'] = $filename;
to that as this also didn't work and I thought that this could be a problem with already existing sessions.
Thankyou
Hope this is enough information for solving my problem !!
session_start();
session_unset();
This code delete Your session... Why You doing this?
While I'm pressing on log out link it's not exit the user from the page but when I'm refreshing manually after the clicking it really will log out.
The log out command is:
$URL = $_GET['url'];
session_unset();
redirect($URL);
When the page is redirected I see the session variables although they were deleted and
just after manual refresh it's OK.
There is no any problem in Chrome and IE.
In order to really log the user out, you need to also unset the session ID and the cookie which is used to propagate the session id to the client.
Here is a sample code from the PHP manual which does that:
<?php
// Initialize the session.
// If you are using session_name("something"), don't forget it now!
session_start();
// Unset all of the session variables.
$_SESSION = array();
// If it's desired to kill the session, also delete the session cookie.
// Note: This will destroy the session, and not just the session data!
if (ini_get("session.use_cookies")) {
$params = session_get_cookie_params();
setcookie(session_name(), '', time() - 42000,
$params["path"], $params["domain"],
$params["secure"], $params["httponly"]
);
}
// Finally, destroy the session.
session_destroy();