I have 3 login forms in my page, clicking logout is destroying all the sessions and logging them all out.
I know that session_destroy() destroys all the data associated with the current session but could i give it a parameter or is there any way to specify which session to destroy?
I have tried using unset without the session_destroy but it won't logout the user
Code edited:
<?php
if(isset($_GET['auth'])){
if($_GET['auth']=='parent'){
session_name('parent');
session_start();
if(isset($_SESSION['parent']))
unset($_SESSION['parent']);
session_destroy();
}}
if(isset($_GET['auth'])){
if($_GET['auth']=='employee'){
session_name('employee');
session_start();
if(isset($_SESSION['employee']))
unset($_SESSION['employee']);
session_destroy();
}}
if(isset($_GET['auth'])){
if($_GET['auth']=='student'){
session_name('student');
session_start();
if(isset($_SESSION['student']))
unset($_SESSION['student']);
session_destroy();
}}
header("Location: login.php");
?>
I have added session_name to get different sessions, i am able to destroy the session but i can't have multiple sessions in the same page!
Please use session_start(); once at the top of the page.
After successful login, please check all the sessions that is set, for example in your case.
$_SESSION['parent'];
$_SESSION['employee'];
$_SESSION['student'];
session_name(''); will override the previous session's name, so you don't have to use session_name here.
If you check there is a value for specific session or the session name is exist
unset($_SESSION('your_session_key'));
Hope it will work.
Thanks
Related
I have a logout button in both panels, and I have set SESSION according to their panels. If I click on the logout button in the admin panel, it will also log me out in the user panel. I have the same code for both the logout buttons.
<?php
session_start();
session_destroy();
header("location:login.php");
?>
you can use unset instead of session_destroy
session_start();
if($_SESSION['admin']){
unset($_SESSION['admin']);
}
elseif($_SESSION['user']){
unset($_SESSION['user']);
}
header("Location:login.php");
Here you go:
<?php
$_SESSION['user']['login'];
$_SESSION['admin']['login'];
?>
If you want to destroy any of them just unset:
unset($_SESSION['user']['login'];)
NOTE : session_destroy — Destroys all data registered to a session
so use unset
differentiate the user by setting session variable
set session for user
$_SESSION['user']['username'];
set session fro admin panel
$_SESSION['admin']['username'];
you don't destroy the whole session just unset the particular session using unset
unset($_SESSION['admin']['username']); // will delete just the name data
Use different SESSION key instead.
like $_SESSION['admin'] and $_SESSION['user'];
There are two login pages and if one page is logged out other also automatically getting logged out how to change that?
adminlogout.php
<?php
session_start();
unset($_SESSION['ADMIN_UNAME']);
session_destroy();
header("location: adminlogin.php?logout=true");
?>
logout.php
<?php
session_start();
unset($_SESSION['SESS_MEMBER_ID']);
session_destroy();
header("location: login.php");
?>
Please remove session_destroy() function. session_destroy() delete complete session information for request with sessionid from the server. Hence both scripts logouts.
adminlogout.php
<?php
session_start();
unset($_SESSION['ADMIN_UNAME']);
header("location: adminlogin.php?logout=true");
?>
logout.php
<?php
session_start();
unset($_SESSION['SESS_MEMBER_ID']);
header("location: login.php");
?>
When you use session_destroy(); you completely remove everything the server knows about your current session. Note a session survives while the current browser instance is open, if you destroy the session you destroy all the session globals.
If you want to logout of just the admin or a normal user you should just change a session variable to reflect that.
As the others already pointed out, the problem is the call of session_destroy() as this destroy the whole session.
But I'd like to add that you should maybe consider using a multidimensional array in your session for different purposes or, what is even better, use different sessions as they are in completely different areas (e.g. the admin session should definitely not be shared with a normal user session, using HTTPS cookies, etc.).
unset the session variable or make the session variable as empty in logout.php
adminlogout.php
<?php
session_start();
$_SESSION['ADMIN_UNAME']='';
header("location: adminlogin.php?logout=true");
?>
logout.php
<?php
session_start();
$_SESSION['SESS_MEMBER_ID']='';
header("Location:login.php");
?>
I have a small website using a session to check for an user login.
When the user click logout the are being redirected to a page containing only session destroy.
The code is as followed:
<?php
session_start();
if(session_destroy()) {
$_SESSION = array();
header("Location: http://domain.com/");
}
exit();
?>
I've tried to remove the if statement to check for any problem when destroying the session.
I have even used unset and setting the array to empty.
Still when redirected to the domain homepage the user is still logged in and the session is still set.
Also i tried to unset the specific session and still nothing happens.
--
Update:
The session is not even being return as an empty value. Echoing the session after logout still returns the value of the username.
This answer should help. As Roland Starke mentioned in a comment, session_destroy will not remove a cookie.
https://stackoverflow.com/a/3512570/3563178
try this.
<?php
session_start();
if(session_destroy()) {
echo '<meta http-equiv="refresh" content="0;URL=http://domain.com">';
}
exit();
?>
I think the header is throwing an error in this particular case of yours. hmmmm.....(Header already sent)...
I created a log out page and calling it through a href link but it not working the session was not destroying. Help me, the code n link are below.
logout.php
<?php
session_start();
session_unset();
session_destroy();
header("location:index.php");
?>
Make sure the file is on same server.
Write this code on the very top of everything else.
Additionally use this code
session_unset();
session_write_close();
session_destroy only destroys session on server end not the cookies, make sure you are not using cookies, if yes then see below code
To Set cookie
setcookie("cookieName", $value, time()+3600);
To Unset Cookie
setcookie("cookieName", $value, time()-36000);
More details about session: PHP: session_destroy - Manual
You probably need to regenerate the session ID:
session_regenerate_id();
In my working platform i endedup with a session_destroy problem
function logout()
{
$_SESSION['id'] = '';
session_destroy();
}
Here i unset the session id variable with a null value and uses the session_destroy() function to destroy the session.
But the problem is that after logged out from my account, when i press the back button of the browser it shows the status as logged in. Even i can browse through the profile and links of my account.
Thank you
you must unset session as well as destroy session to remove it completely from your system.
you can do it with php functions..
session_unset(); or you can use unset($_SESSION);
session_destroy();
it think you should try using session_unset()
In order to kill the session altogether, like to log the user out, the session id must also be unset.
If a cookie is used to propagate the session id (default behavior), then the session cookie must be deleted. setcookie() may be used for that
<?php
session_start();
$sessionName = session_name();
$sessionCookie = session_get_cookie_params();
session_unset();
session_destroy();
setcookie($sessionName, false, $sessionCookie['lifetime'], $sessionCookie['path'], $sessionCookie['domain'], $sessionCookie['secure']);
?>
Try this:
unset($_SESSION);
session_destroy();
session_regenerate_id();
Instead of rolling your own session code and possibly missing something, try using Zend_Session:
http://framework.zend.com/manual/en/zend.session.html
The constructor of Zend_Session_Namespace will automatically call session_start(), and likewise the Zend_Session::destroy() method will clean everything up in a logout script. Most of the work has already been done for you.