my problem is that the session variable did not get unset when running the below code.
what is wrong?
<?php
session_start();
session_unset();
//session_destroy();
header("location: user_form.php");
?>
You've not actually created a session you've started the session engine but not created a session variable.
If you have a session variable $_SESSION['userid'] for example then you can just unset that value or expire it or set its value to something that would fail your if clause for your header redirect.
Usually I do something like:
<?php
session_start();
if(!empty($_SESSION) && is_array($_SESSION)) {
foreach($_SESSION as $sessionKey => $sessionValue)
session_unset($_SESSION[$sessionKey]);
}
session_destroy();
header("Location: user_form.php");
?>
Try this syntax (use a variable name in unset):
<?php
session_start();
if(isset($_SESSION['views']))
unset($_SESSION['views']);
?>
I'm guessing you already have variables within your session set, otherwise there would be nothing to "unset".
With session_unset the session itself would still exist, as it's just the equivalent of doing:
$_SESSION = array();
Unless of course you're using PHP 4.0.6 or below, then you would be expected to use:
unset ($_SESSION['varname']);
as per session_unset.
There isn't anything "wrong" with your code so to speak.
Related
I've got a problem with session_start() function.
This is the first time I met this problem, I have a few session variables. When I open logout.php file, session is destoryed. But then, when I call session_start(), all the previous session variables "revive".
logout.php
session_destroy();
header('Location: login.php');
Even when I delete all the $_SESSION data manually like:
$_SESSION = array();
those variables are still there after calling session_start();
I have no idea why does session_start work like that.
I hope you can help me, thanks in advance!
I am trying to get rid of a bunch of session variables in PHP. I mean completely get rid of them.
I have tried some different approaches. For example:
$_SESSION = array();
session_destroy();
header('location: '.MAINPATH);
I have also tried using various compinations of session_unset, unset, setcookie etc. with the above commands.
I have of course tested if the session variables remains by doing:
echo $_SESSION['member_id'];
All of my session variables still remains for som reason.
Can anyone figure out what the problem might be?
Any help is greatly appreciated.
FWI: I am using PHP 5.5
UPDATE:
I tried changing my code to the following:
echo $_SESSION['member_id'];
session_unset();
session_destroy();
echo $_SESSION['member_id'];
which resulted in this output:
1000004 Notice: Undefined index: member_id in...
This should mean that the session variable is deletede right? The weird thing is, that when I am going back to my front page, the session variable is available again.
One more time, can you do a quick try:
<?php
session_start();
$helper = array_keys($_SESSION);
foreach ($helper as $key){
unset($_SESSION[$key]);
}
?>
you can use this code :-
session_start();
session_unset();
session_destroy();
session_write_close();
setcookie(session_name(),'',0,'/');
session_regenerate_id(true);
use within php tag
You can use session_unset() to clear all session variables.
I am newbie in php. I can not under stand a thing that session variable is outputting even after session_destroy() and session_unset().Here is my simple code for test
`session_start();
SESSION['name']='sovon';
session_destroy();
session_unset($_SESSION['name']);
echo $_SESSION['name'];
`
The output is 'sovon'. My question what is session_destroy() and session_unset() doing here and whats the difference between them?
Oh! when I am deleting session_destroy() that variable is getting unset. why?
I got it faisal, session_distroy is destroying session if its created in other pages. If the session variable created on the same page then it will be remain. The best practice is to null the session variable after session distroY $_SESSION = NULL;
Like I am using in logout,
session_start();
session_distory();
$_SESSION = NULL;
header('Location: Login.php');
I think this help you.
Perhaps its easier if you read the php manual.
session_destroy()
session_destroy() destroys all of the data associated with the current
session. It does not unset any of the global variables associated with
the session, or unset the session cookie. To use the session variables
again, session_start() has to be called.
So if you want to unset the data inside. You have to unset it.
unset($_SESSION);
Session unset...
session_unset()
deletes all variables and leave session_id. But session_unset has no parameters.
What you search is
unset($_SESSION['name']);
The following works perfectly in all browsers to kill and destroy and unset all session info. Perfect to put it in sign-out file.
<?php
session_start();
session_unset();
session_destroy();
session_write_close();
setcookie(session_name(),'',0,'/');
session_regenerate_id(true);
?>
I tried to destroy all session variable by using the session_destroy() method, but after using this method, the values are not destroyed.
Why is session_destroy() not working?
Is there any other way to destroy the session in PHP?
if (isset($_SESSION['LAST_ACTIVITY']) && (time() - $_SESSION['LAST_ACTIVITY'] > 1800))
{
session_destroy();
session_unset();
}
Perhaps is way too late to respond but, make sure your session is initialized before destroying it.
session_start() ;
session_destroy() ;
i.e. you cannot destroy a session in logout.php if you initialized your session in index.php. You must start the session in logout.php before destroying it.
After using session_destroy(), the session is destroyed behind the scenes. For some reason this doesn't affect the values in $_SESSION, which was already populated for this request, but it will be empty in future requests.
You can manually clear $_SESSION if you so desire ($_SESSION = [];).
If you need to clear the values of $_SESSION, set the array equal to an empty array:
$_SESSION = array();
Of course, you can't access the values of $_SESSION on another page once you call session_destroy, so it doesn't matter that much.
Try the following:
session_destroy();
$_SESSION = array(); // Clears the $_SESSION variable
I had to also remove session cookies like this:
session_start();
$_SESSION = [];
// If it's desired to kill the session, also
// delete the session cookie.
// Note: This will destroy the session, and
// not just the session data!
if (ini_get("session.use_cookies")) {
$params = session_get_cookie_params();
setcookie(session_name(), '', time() - 42000,
$params["path"], $params["domain"],
$params["secure"], $params["httponly"]
);
}
// Finally, destroy the session.
session_destroy();
Source: geeksforgeeks.org
Actually, it works, but you also need to do $_SESSION = array(); after the session_destroy to get rid of $_SESSION variables. However, avoid doing unset($_SESSION) because that makes sessions useless.
Well, this seems a new problem for me, using a new php server. In the past never had an issue with sessions not ending.
In a test of sessions, I setup a session, ran a session count++ and closed the session. Reloaded the page and to my surprise the variable remained.
I tried the following suggestion posted by mc10
session_destroy();
$_SESSION = array(); // Clears the $_SESSION variable
However, that did not work. I did not think it could work as the session was not active after destroying it, so I reversed it.
$_SESSION = array();
session_destroy();
That worked, reloading the page starting sessios and reviewing the set variables all showed them empty/not-set.
Really not sure why session_destroy() does not work on this PHP Version 5.3.14 server.
Don't really care as long as I know how to clear the sessions.
session_destroy() is effective after the page load is complete. So in the second upload, the session is terminated. But with unset() you can also log out from within the page.
if you destroy the session on 127.0.0.1 it will not affect on localhost and vice versa
It works , but sometimes it doesn't (check the below example)
<?php
session_start();
$_SESSION['name']="shankar";
if(isset($_SESSION['name']))
{
echo $_SESSION['name']; // Outputs shankar
}
session_destroy();
echo $_SESSION['name']; // Still outputs shankar
Weird!! Right ?
How to overcome this ?
In the above scenario , if you replace session_destroy(); with unset($_SESSION['name']); it works as expected.
But i want to destroy all variables not just a single one !
Yeah there is a fix for this too. Just unset the $_SESSION array. [Credits Ivo Pereira]
unset($_SESSION);
Add session_start(); before !Doctype Declaration
<?php session_start(); ?>
<!doctype html>
<html>
<body>
<?php
if (isset($_SESSION['LAST_ACTIVITY']) && (time() - $_SESSION['LAST_ACTIVITY'] > 1800))
{
session_destroy();
session_unset();
}
?>
</body>
</html>
I'm not a PHP developer here.
I have a page that is unable to display session values even though they definitely exist. I am able to view them on another page, yet for some reason they cannot be seen on a certain page!?
EDIT:
Below is the script that exists on the top of the page
<?php
require_once('eu_gl.php'); // <- includes session_start() in it
if(!session_id()) session_start(); // added this in case, but should not be needed
?>
Contents of the include:
<?php
/*** Global include file **/
set_time_limit(300);
$time1 = microtime();
define('APP_SESS_NAME', 'EURA');
session_name(APP_SESS_NAME);
session_start();
session_set_cookie_params(0);
//...
?>
As #k102 mentioned, ensure you have session_start(); somewhere before you set/get your session variables. print_r($_SESSION); can also be handy in showing you what session information exists ...
I personally would modify your code to have this:
if (!isset($_SESSION)) session_start();
if (!isset($_SESSION['count'])) {
$_SESSION['count'] = 0;
} else {
$_SESSION['count']++;
}
print_r($_SESSION);
First point is :
better try
if(session_id() == "" ) session_start();
instead of
if(!session_id()) session_start();
as session_id wont return false.
php manual:
session_id() returns the session id for the current session or the
empty string ("") if there is no current session (no current session
id exists).
Second point is that session_start shall be the very first thing on your page unless you really need sthg else, but I can't see any reason in your code.
You have to make 2 php file for checking $_SESSION, session used for storing variable so you can use it in all page of your website.
test.php:
set_time_limit(300); // Timeout for script
$time1 = microtime(); // What this variable do in your script
define('APP_SESS_NAME', 'EURA'); // set constant APP_SESS_NAME
session_name(APP_SESS_NAME); // name session APP_SESS_NAME
session_start(); // start session
session_set_cookie_params(0); // this line must be called before session_start();
if(!session_id()) session_start(); // Delete this line
$_SESSION['name']= "test"; // set variable session with params name for checking session
test2.php:
define('APP_SESS_NAME', 'EURA'); // set constant APP_SESS_NAME
session_name(APP_SESS_NAME); // name session APP_SESS_NAME
session_start(); // start session
echo $_SESSION['name']; // check session is valid
I think you should understand about Session now.
Seems the naming of the session was the issue. Tt was named in the include: session_name(APP_SESS_NAME), then it seems I have to use that session name when starting it elsewhere.