I'm trying to make a simple logout script for my site, but for some reason, I can't kill this cookie. I was able to kill another cookie which I named "fontCookie" but this default-named one won't go away. What could be causing this issue? This is what I have, and I repeat, fontCookie is being destroyed:
<?php
session_start();
if(isset($_SESSION["loggedin"])){
$_SESSION = array();
if(isset($_COOKIE['fontCookie'])){
setcookie('fontCookie', '', time() -42000);
}
if ( isset( $_COOKIE[session_name()] ) ){
setcookie( session_name(), '', time()-42000);
}
session_destroy();
header('Location: http://google.com');
}
else{
header('Location: http://google.com');
}
?>
It seems you need to call session_name() before session_start()
The session name is reset to the default value stored in session.name
at request startup time. Thus, you need to call session_name() for
every request (and before session_start() or session_register() are
called). refer here
Try deleting cookie like this.
setcookie('fontCookie', '', time() -42000);
$_COOKIE["fontCookie"] = null;
unset($_COOKIE["fontCookie"] );
Related
I have done a memberpage using an external interface to check if the user is allowed to login to the memberpage. The code looks like this
<?php
require (__DIR__ .'/Permission/checkUser.php');
if (isset($_POST['submit'])){
session_start();
$errors = array();
if (empty ($_POST ['user']) ||
empty ($_POST ['password'])) {
$errors[] = 'Användarnamn och passord får inte vara tomt';
}
$checkuser = new checkUser();
if ($checkuser->checkUser($_POST ['user'], $_POST ['password']) == false){
$errors[] = 'Kontrollera user och lösenord';
}
if (count($errors) == 0) {
$_SESSION['userid'] = md5(microtime());
$_SESSION['start'] = time();
wp_redirect( get_permalink( 18341 ) );
die;
}
}
?>
If a succesful result from the SOAP call is returned the user are redirected to memberpage. The code fore memberpage are as following
<?php
require_once 'sessioncheck.php';
get_header();
$container = get_theme_mod( 'understrap_container_type' );
?>
After performing the check the HTML are presenting the memberpage content.
The sessioncheck.php has the following code:
<?php
session_start();
if (!isset($_SESSION['userid'])){
//session does not exist send back to loginpage
header('Location: memberLogin');
}
if (isset($_SESSION['start']) && (time() - $_SESSION['start'] > 1800)) {
// last request was more than 30 minutes ago
session_unset(); // unset $_SESSION variable for the run-time
session_destroy(); // destroy session data in storage
header('Location: memberLogin');
}
?>
It is suppose to unset and destroy the session if 30 minutes has passed.
My problem is that sometimes, often after a session has expired the redirect in the first code does not work. Its actually not even trying to load the memberpage. I first thought I had some problems with the session variables but now I think there might be some garbage from the session that causes this problem. It semse to be intermittent but I have asked other to test the page (using the right cred) and they always semse to be able to login on there first attempt to fail later on.
What am I doing wrong? Using PHP 7.4 with the latest WP core.
EDIT:
Added the following code to clean up sessions and cookie
$_SESSION = array();
if (ini_get("session.use_cookies")) {
$params = session_get_cookie_params();
setcookie(session_name(), '', time() - 42000,
$params["path"], $params["domain"],
$params["secure"], $params["httponly"]
);
}
// Finally, destroy the session.
session_destroy();
Now everything works fine when I am logged in as an adminuser in wordpress. However, as soon as I log out it stops working. However, the session is saved and if I log in again at WP, then I am able to enter the memberpage without doing the login procedure. I updated the page in WP (memberpage) and it worked again. This is all confusing me right now... :(
Solved, clearing Session cookie and purged cache solved the issue. Needed exclude memberpage from cache. Didnt work with LiteSpeed cache
I am trying to destroy a session when a session is selected but it is not being destroyed:
if (isset($_POST['primary_cat'])) {
$_SESSION['primary_cat'] = $_POST['primary_cat'];
unset($_SESSION['secondary_cat']);
}elseif(empty($_SESSION['primary_cat'])) {//define primary_cat
$_SESSION['primary_cat'] = null;
}
When I change $_POST['primary_cat'] this is changed but $_SESSION['secondary_cat'] is not being destroyed. How can I destroy $_SESSION['secondary_cat']
This is how I completely destroy the one and only session I have:
session_start();
$_SESSION = array();
if (isset($_COOKIE[session_name()])) {
$params = session_get_cookie_params();
setcookie(session_name(), '', time() - 42000, $params["path"],$params["domain"], $params["secure"], $params["httponly"]);
echo " Zerstöre Cookie... ";
}
#session_unset();
#session_destroy();
Maybe it helps you to adapt your code for your specific session.
if (isset($_POST['primary_cat'])) {
$_SESSION['primary_cat'] = $_POST['primary_cat'];
unset($_SESSION['secondary_cat']);
} elseif (empty($_SESSION['primary_cat'])) {//define primary_cat
$_SESSION['primary_cat'] = null;
}
You should try these instead:
if (isset($_POST['primary_cat'])) {
session_destroy();
$_SESSION['primary_cat'] = $_POST['primary_cat'];
} else if (!$_SESSION['primary_cat']) {
//your business
}
An explanation to that is on clicking or selecting
"primary_cat"
it should run that block of code else it won't run that code and if it does, you the
session_destroy();
Destroys active session and the below creates a new session due your specifications.
Your code seems ok, problem might be from your browser.
make sure session is started. if it's still not destroyed, then close your browser and restart apache.
But also make sure you are not setting $_SESSION['secondary_cat'] somewhere else your code.
To be sure, do the following after unsetting $_SESSION['secondary_cat']
if(isset($_SESSION['secondary_cat'])){
echo '<script type="text/javascript">alert("the session still has value : '.$_SESSION['secondary_cat'].'");</script>';
}
else
echo '<script type="text/javascript">alert("session has been unset");</script>';
The above will display a javascript alert showing "the session still has value : thevalue" if the session was not unset or "session has been unset" if it really has been unset
hope this helps
try this...
if(isset($_SESSION['secondary_cat'])&&!empty($_SESSION['secondary_cat'])){
unset($_SESSION['secondary_cat']);
}
I have this code that setted when login check is fine:
if((isset($_POST["remember_me"]))&&($_POST["remember_me"]==1))
{
setcookie('email', $username, time()+3600);
setcookie('pass', $pass, time()+3600);
}
Now, when I click on logout link (logout.php)
i did this:
<?php session_start();
setcookie("email", '', 1, "");
setcookie("pass", '', 1, "");
$_SESSION["login"] = "";
header("location: aforum/enter_furom.php");
?>
I didn't use destroy session because I don't want to destroy all sessions....
now destroying a session is working fine... but when I try to unset cookies, the browsers (all browsers: explorer, chrome, firefox, mozilla) give me an error saying that the new cookies cant be setted...any help to unset the above cookies ?
either use the superglobal _COOKIE variable:
unset($_COOKIE['mycookiename']);
or call setcookie() with only the cookies name
setcookie('mycookiename');
To reset your cookies at logout use:
setcookie('pass');
setcookie('email');
For you login check:
if(
isset($_POST["remember_me"]) &&
$_POST["remember_me"]==1 &&
$_COOKIE['pass'] != NULL &&
$_COOKIE['email'] != NULL &&
)
setcookie('cookiename', '', time()-3600);
unset($_COOKIE['MYCOOKIE']);
//
setcookie('MYCOOKIE', '', -1, '/');
Care for header "Cannot modify header information.." you can also
use html or javascript for redirect
header("Location: /");
//
echo '<meta http-equiv="refresh" content="0;URL=/">';
//
echo '<script>window.location.replace("/");</script>';
I prefer to check with isset and than unset | setcookie
if(isset($_COOKIE['MYCOOKIE'])) { unset($_COOKIE['MYCOOKIE']); }
//
if(isset($_COOKIE['MYCOOKIE'])) { setcookie('MYCOOKIE', '', -1, '/'); }
this seems to work too, but don't use it in my opinion
setcookie('MYCOOKIE', '', -1, '/') ?? '';
!isset($_COOKIE['MYCOOKIE']) ?: setcookie('MYCOOKIE', '', -1, '/');
Check in your browser for the directory where the cookie operates. And unset it by specify the path the cookie have. Like in the example if the cookie directory is /aforum/
setcookie ("email","",time()-1,"/aforum/","http:// yourdomain.com");
Just set the value of cookie to false in order to unset it,
setcookie('cookiename', false);
That's the easiest way to do it.
To unset cookies in PHP, simply set their expiry time to a time in the past. For example:
$expire = time() - 300;
setcookie("email", '', $expire);
setcookie("pass", '', $expire);
try this
setcookie ("email", "", time() - 3600);
setcookie ("pass", "", time() - 3600);
You need to set your expire time to the past, e.g.
setcookie('email', '', time()-3600);
Also you should be using an Absolute URI for your header('Location:' ....).
In Chrome and IE8+ at least, the following will remove the cookie from the browser. It will not be reflected in the $_COOKIE array until the page is reloaded however.
setcookie('cookiename','',0,'/',$cookieDomain)
you may be able to leave off a few parameters here, but the important thing is you are setting an empty string, and that removes the cookie from the browser.
I do the following to set my session, this works because the echo appears. but when I go to the next page or another the session is not there? what am I doing wrong?
$session_start();
if ($username==$dbusername&&$password==$dbpassword)
{
echo"<b>Login Successful</b><br><a href='systemadmin.html'><br>Click here to access the <strong>System Admin Page</strong></a>";
$_session['username']=$dbusername;
if($username == "admin")
{
$_session['admin'] = true;
}
I am trying to get the following to work with these sessions:
<?php
session_start();
if($_session['admin'] == true)
{
// do nothing
}else{
header( 'Location: home.html' ) ;
}
?>
Update:
the uppercase sessions work but now the sessions arent destroying when i use the logout.php
<?php
session_start();
session_destroy();
header("location: home.html");
?>
$_session should be => $_SESSION.
http://php.net/manual/en/reserved.variables.session.php
The first works because you are setting a 'normal' variable (which is available for the request).
UPDATE
To destroy the session:
<?php
// Initialize the session.
// If you are using session_name("something"), don't forget it now!
session_start();
// Unset all of the session variables.
$_SESSION = array();
// If it's desired to kill the session, also delete the session cookie.
// Note: This will destroy the session, and not just the session data!
if (ini_get("session.use_cookies")) {
$params = session_get_cookie_params();
setcookie(session_name(), '', time() - 42000,
$params["path"], $params["domain"],
$params["secure"], $params["httponly"]
);
}
// Finally, destroy the session.
session_destroy();
?>
http://php.net/manual/en/function.session-destroy.php#example-4368
Additionaly you should always use exit(); after you do a redirect to prevent further execution of the script.
PHP Server/Session/Global variables are case sensitive. To PHP, $_SESSION is NOT the same variable as $_session, even though to you in English, they seem to be. You must use $_SESSION, not $_session in order to access the PHP Session variables as you are expecting.
You have to use exit(); after the header(); because the script doesn't always end right after the user redirects to a new page.
The name of the superglobal is $_SESSION in uppercase letters. Try changing that and see if it helps.
In case somebody knows, how can I make a hyperlink in PHP...
<?php
echo( 'Log-out' );
?>
that would not only to navigate to the first page, but also remove cookies?
Thanks!
You can make another page which clears all the cookies (i.e. sets them to expire in the past) and then redirects to index.php:
// page: clear.php
<?php
session_start();
$_SESSION = array();
session_destroy();
setcookie('cookie1', '', strtotime('-2 days'));
setcookie('cookie2', '', strtotime('-2 days'));
// etc.
header('Location: index.php');
exit();
I usually use the method prescribed by the manual:
<?php
// Initialize the session.
// If you are using session_name("something"), don't forget it now!
session_start();
// Unset all of the session variables.
$_SESSION = array();
// If it's desired to kill the session, also delete the session cookie.
// Note: This will destroy the session, and not just the session data!
if (ini_get("session.use_cookies")) {
$params = session_get_cookie_params();
setcookie(session_name(), '', time() - 42000,
$params["path"], $params["domain"],
$params["secure"], $params["httponly"]
);
}
// Finally, destroy the session.
session_destroy();
?>
The only thing that remains is header('Location: index.php');
Submit a parameter in your link like index.php?logout=true, check for that parameter in your index.php and if set, delete cookies:
http://php.net/manual/de/function.setcookie.php
If you set the "lifetime" (expire) of a cookie to something in the past (or leave it out completely), it will be removed on the next pageload (do a Google search for "php delete cookie" to find help). Force a page reload, if needed.
You may also want to destroy the user's session.
Here's your HTML link
Log-out
And your PHP to handle to logging out
if(isset($_GET['logout'])) {
// clear the session variable, display logged out message
}
Use link like that:
<?php
echo( 'Log-out' );
?>
And index.php is:
<?php
$link = $_GET["link"];
if($link == "logout")
{
session_destroy();
}
?>
In the navigation menu:
Log out
In logout.php:
<?php
// kill the session
header('Location: index.php');
exit();
For killing the session, see the example at session_destroy() in the PHP manual.
Logout Link:
Log Out
logout.php
<?php
session_start();
session_destroy();
?>