my class.inc file:
<?php
class logout{
public function logout(){
$_SESSION = array();
if (ini_get("session.use_cookies")) {
$params = session_get_cookie_params();
setcookie(session_name(), '', time() - 42000, $params['path'], $params['domain'], $params['secure'], $params["httponly"]);
}
session_destroy();
}
}
?>
used code for my logout:
session_start();
require($path."include/class.inc");
if(!empty($_GET['logout'])){
$object=new logout();
$object->logout();
$content='5;url='.$path.'index.php';
}
When the logout function is called, it destroys the session, but shows the warning:
Warning: session_destroy(): Trying to destroy uninitialized session in class.inc on line 9
I am unable to troubleshoot, as the session is not being destroyed by any other means before the session_destroy() of class.inc.
You have to call the function mentioned below at the top your logout function in the logout class.
session_start();
Add the above function and try it out. If you don’t start the session at the top of your file, it will throw exceptions like “headers already sent”, “can’t start the session”, etc.
This error is common when you haven't started the session beforehand
if (!isset($_SESSION))
{
session_start();
}
https://www.php.net/manual/en/function.session-status.php
if (session_status() === PHP_SESSION_ACTIVE)
session_destroy();
I encountered the session_destroy() error message when I started using session_write_close(). To determine if session_destroy() should be called or not, I had to do the following:
class Session {
public static function start() {
self::$haveSession = true;
session_start();
}
public static function finish() {
session_write_close();
self::$haveSession = false;
}
public static function clear() {
if (self::$haveSession) {
session_unset();
session_destroy();
}
}
}
In PHP >= 5.4 it should work to replace if (self::$haveSession) with if(session_status() === PHP_SESSION_ACTIVE).
You can add this code to start a session if it didn't start before
if(!session_id()) {
session_start();
}
Start your session
session_start(); and you can destroy your session
<?php
session_start();
class logout{
public function logout(){
$_SESSION = array();
if (ini_get("session.use_cookies")) {
$params = session_get_cookie_params();
setcookie(session_name(), '', time() - 42000, $params['path'], $params['domain'], $params['secure'], $params["httponly"]);
}
session_destroy();
}
}
?>
You'll have to call session_start() before you call session_destroy();
Are you storing session in data in files or in a database. If you are storing it in a database, I normally just delete the record from the session table that corresponds to the session id, that way you don't have to unregister each session var and it actually deletes the whole session.
Related
I am trying to create a login controller for my website ... in terms of keeping people logged in I've decided to use sessions.
I am currently attempting to create a class that can be referenced when I include the controller file of the sessions. This will allow me to create, authenticate (delete) and update sessions.
<?php
class Session {
static function start($name, $value) {
session_start();
$_SESSION[$name] = $value;
$_SESSION['EXPIRE'] = time() + 10;
}
// checking for expire
static function auth() {
if (isset($_SESSION['EXPIRE']) && $_SESSION['EXPIRE'] < time()) {
$_SESSION = array();
session_destroy();
}
}
static function update($time = 20) {
if (isset($_SESSION['EXPIRE'])) {
$_SESSION['EXPIRE'] = time() + $time;
session_regenerate_id(false);
}
}
}
Currently it does not set sessions properly. When I try to call the sessions on pages once I set them it does not fetch properly.
The session isn't expiring before I call it because I never call the function that expires it inside the class on the document.
You can't call your Session class as you need to include session_start() and you are only having this in the start method.
Option 1: You would have to call session_start() in each page where you want to deal with sessions
Option 2: Add a function to your class and call it after your class is created and add in there session_start() so wherever you include the Session Class session_start would already been initialized
Example:
Sessions.php
class Session {
static function init(){
session_start();
}
//rest of your methods...
}
//initialize it
Session::init();
page-that-uses-session.php
include('Sessions.php');
Session::update();
Better set php session timeout variable in php.ini or from ini_set() function and don't create own $_SESSION['expire'] variable; You can regenerate_session_id() each time when user sent request; Better test user ip address in session. In most projects you have one page on server or only your own pages.
Set user id in session:
$_SESSION['userid'] = $loggoed_id_from_db;
// and test
if((int)$_SESSION['userid'] == 0){
header('Location: logout.php');
exit;
}else{
if(empty($_SESSION['ip'])){
$_SESSION['ip'] = $_SERVER['REMOTE_ADDR'];
}else{
if($_SESSION['ip'] != $_SERVER['REMOTE_ADDR']){
header('Location: logout.php');
exit;
}
}
}
And probably you don't start session from class!
I trigger the function below in all my web pages.
function refresh_user_auth() {
if (isset($_COOKIE["UserID"])) {
$_SESSION["UserIDS"] = $_COOKIE["UserID"];
setcookie("UserID", $_COOKIE["UserID"], time() + (86400 * 30), "/");
}
elseif (isset($_SESSION["UserIDS"])) {
$_SESSION["UserIDS"] = $_SESSION["UserIDS"];
setcookie("UserID", $_SESSION["UserIDS"], time() + (86400 * 30), "/");
}
}
I use the function below to log out but it doesn't seem to have logged me out when I visit other web pages on the website.
function unset_user_auth() {
if (isset($_COOKIE["UserID"])) {
unset($_COOKIE['UserID']);
$_COOKIE = array();
setcookie('UserID', '', time() - 36000);
}
if (isset($_SESSION["UserIDS"])) {
unset($_SESSION['UserIDS']);
$_SESSION = array();
session_destroy();
setcookie('UserIDS', '', time() - 36000);
}
}
Please, what am I doing wrong?
I'm not sure why you have to do that separately for cookie and session, you can do that all at once. When logging out, it isn't required to check if cookies are set and/or session is set if you're going to destroy both anyway (unless you have an option to save cookie for 'Remember me' function).
Here's an example from a comment in the PHP documentation for session_unset() function page. You could always refer to PHP documentation when in doubt. You'll find ample examples and use cases in the comments.
<?php
session_start();
session_unset();
session_destroy();
session_write_close();
setcookie(session_name(),'',0,'/');
session_regenerate_id(true);
?>
I am having trouble in destroying session when user logout of its account. After logging out when i browse any page which is restricted to user not to access before login i can access that but if i close my browser after logging out and then try to access the page i cant. Please solve my problem so that user cannot access the pages after logging out even he/she has not closed the browser. Here's my code of logging out and destroying session.
<?php
// Initialize the session.
// If you are using session_name("something"), don't forget it now!
if(isset($_POST['logout'])){
session_start();
// Unset all of the session variables.
$_SESSION = array();
$_SESSION["Alogin"] = "";
// If it's desired to kill the session, also delete the session
cookie.
// Note: This will destroy the session, and not just the session data!
if (ini_get("session.use_cookies")) {
$params = session_get_cookie_params();
setcookie(session_name(), '', time() - 42000,
$params["path"], $params["domain"],
$params["secure"], $params["httponly"]
);
}
// Finally, destroy the session.
session_destroy();
}
?>
Session session_start() must be at the top
<?php
// Initialize the session.
session_start();
// If you are using session_name("something"), don't forget it now!
if(isset($_POST['logout'])){
//What ever you want
// Finally, destroy the session.
unset( $_SESSION );
session_destroy();
//redirect to loginpage
header('Location:../login.php');
exit;
}
?>
Put your session_start (); outside the if statement and
check with print_r ($_POST); if you send $_POST['logout']
I've read several topics like:
Error — session_destroy() — Trying to destroy uninitialized session, Warning: session_destroy(): Trying to destroy uninitialized session, Warning: session_destroy(): Trying to destroy uninitialized session with phpCas
And none of them help me.
public function forbidden(){
if(!isset($_SESSION)){ session_start(); }
if(!isset($_SESSION['email']) || !isset($_SESSION['id'])){
$this->error_404();
}else{
if(!isset($_COOKIE['data'])){
session_destroy();
$this->error_404();
}
if($_COOKIE['data'] != sha1($_SESSION['email'])){
session_destroy();
unset($_COOKIE["data"]);
setcookie("data", false, time() - 3600, '/');
$this->error_404();
}
}
}
Warning: session_destroy() [function.session-destroy]: Trying to
destroy uninitialized session
I do receive that error on the second session_destroy();, the session is initialized so I don't get it?
Read This Answers of this question on stackoverflow
why session destroy not working
put this code in first and End of Your php File
<?php
ob_start();
?>
Your Code Here...
<?php
ob_flush();
?>
Your calling session_destroy() twice.
Or Removed All Sessions on server...
The problem is that you call session destroy twice. If $_COOKIE['data'] is not set, then $_COOKIE['data'] != sha1($_SESSION['email']) will return false as well and it will try to destroy the session again.
if(!isset($_COOKIE['data'])){
session_destroy();
$this->error_404();
}
if($_COOKIE['data'] != sha1($_SESSION['email'])){
session_destroy();
unset($_COOKIE["data"]);
setcookie("data", false, time() - 3600, '/');
$this->error_404();
}
Make the checks on in another
if($_COOKIE['data'] != sha1($_SESSION['email'])){
if(!isset($_COOKIE['data'])){
session_destroy();
$this->error_404();
}
else
{
unset($_COOKIE["data"]);
setcookie("data", false, time() - 3600, '/');
session_destroy();
$this->error_404();
}
}
If the cookie data is not valid, it may be because there is no cookie. This way, if it's not valid, it checks if it exists. If it does exist and it's not valid, it does something. If it doesn't, it does something else.
You're calling session_destroy() twice.
If your cookie isn't set, then it won't equal $_SESSION['email'] will it?
Change your code to:
public function forbidden(){
if(!isset($_SESSION)){ session_start(); }
if(!isset($_SESSION['email']) || !isset($_SESSION['id'])){
$this->error_404();
}else{
if(!isset($_COOKIE['data'])){
session_destroy();
$this->error_404();
} elseif($_COOKIE['data'] != sha1($_SESSION['email'])){
session_destroy();
unset($_COOKIE["data"]);
setcookie("data", false, time() - 3600, '/');
$this->error_404();
}
}
}
from my logout.php :
<?php require_once("includes/session.php"); ?>
<?php require_once("includes/functions.php"); ?>
<?php
if ( isset( $_SESSION['colony_id']))
$cookie = $_SESSION['colony_id'] ;
$_SESSION = array();
if(isset($_COOKIE[session_name()])) {
setcookie(session_name(), '', time()-42000, '/');
}
session_destroy();
//this fails- session_start() ;
if ( !empty($cookie))
$_SESSION['colony_id'] = $cookie ;
// redirect_to("login.php?logout=1");
?>
I want to end the current session and then start a new session, with one of the variables from the old session in the new session. I tried adding a second session_start statement, but that had no effect. What else can I do ?
Thanks
Edit: I decided to redirect to a new page, on which a fresh session_start() statement created a new session
See this link :
http://bugs.php.net/bug.php?id=38042
it's a bug in php and it has a patch.
You could put the session variable into a normal variable, and then destroy the session and put it back in the session after you create a new one.
If you jsut have one variable you want to save, and you absolutly want to destroy the session:
Save the variable to a local variable, destroy the session, start a session, and then reload th session variable...
$localvar = $_SESSION['variable'];
session_destroy();
session_start();
$_SESSOIN['variable'] = $localvar;