I started a session $_SESSION['ProdID'] = $ProdID; earlier in my code and I started another ProdID session in another page of my script.
I want to end the first one while this new one will be active without logging out.
Create a page with any name you want.
For example you create a page named as logout.php and paste this code in it.
<?php
session_start();
session_destroy();
header('location:login_page.php');
?>
if you want to destroy all sessions , it's better to use session_destroy()
if you want to destroy specific session , you can use unset($_SESSION['']);
First destroy the current session by regenerating a new session ID to create new cookies. You can then set your values in the new session, the old session is destroyed. Optionally delete all old session variables if you don't need them any longer:
/* generate new session id and delete old session in store */
session_regenerate_id(true);
/* optional: unset old session variables */
$_SESSION = array();
/* set new value(s) */
$_SESSION['name'] = 'value';
If you still want to keep the old session ("without logging out") you can remove the true parameter so the old session is kept in store:
/* generate new session id and keep old session in store */
session_regenerate_id();
The rest would remain the same.
Try using session_destroy(); to end your current session.
Use
unset($_SESSION["ProdID"]);
Only type unset session end of code,
Like this
unset($_SESSION['ProdID']);
Related
How can I destroy a session in my database table. PHP coding will show at below :
<?php
session_start();
$session_id = session_id();
error_reporting(0);
include("db.php");
include("header.php");
if(isset($_POST['submit']))
{
$session_id=$session_id;
$actual_price=$_POST['actual_price'];
$gst=$_POST['gst'];
$granttotal=$_POST['granttotal'];
$product_id=$_POST['product_id'];
$quantity=$_POST['quantity'];
/*$product_name=$_POST['product_name'];
$product_price=$_POST['product_price']; */
foreach($product_id as $key => $pro){
$qty = filter_var($quantity, FILTER_SANITIZE_NUMBER_INT);
$pro = filter_var($pro, FILTER_SANITIZE_STRING);
/*$proname = filter_var($product_name, FILTER_SANITIZE_STRING);
$proprice = filter_var($product_price, FILTER_SANITIZE_NUMBER_INT);*/
$sql=mysql_query("INSERT INTO `checkout`(`session_id`,`actual_price`,`gst`,`granttotal`,`product_id`,`quantity`,`joinon`)VALUES ('$session_id','$actual_price','$gst','$granttotal','$pro','$qty','".date('Y-m-d')."')") or die(mysql_error());
mysql_query("delete from cart where sessionid='$session_id'");
echo ("<script>location.href='billing_info.php'</script>");
}
}
Now for my purpose I deleted a session using delete query But session deleted but when again add a product it shows a same session. Then I realise we should destroy a session so please help me.
Seems you are not working Session properly.
First store the variables in session such as :
$product_id=$_SESSION['product_id'];
$quantity=$_SESSION['quantity'];
If you want to remove the session, use the destroy session function,
session_destroy();
and unset your variables from session like this:
unset($product_id);
unset($quantity);
If I am getting it right then you want to destroy the current session so that you can reinitialize the cart according to the session id.
For destroying session in php you can use the below function after you perform the delete query successfully.
session_destroy();
For more info related to how to delete session_destroy() , you may find here the official documentation of php related to it.
Using this function this will destroy all the session variables ie; it will unset all the session variables that is stored inside the $_SESSION global variable.
But if you want to delete only specific session variable then you can use the following code:
unset($_SESSOIN['variable_name'])
For more info related to how to unset session variable
Edit : If you want to regenerate the session id then use the session_regenerate_id() function,
this is because you are using php variables session_id() which changes its value on the clearing session from browser or you open the page in different session. if you are deleting it and inserting it again with closing the browser it won't change its value.
Instead you can use this session_regenerate_id() which regenerate its value when you create it again. Here is the Manualenter link description here
After successful delete operation do this below steps
// Unset all of the session variables.
$_SESSION = array();
// Finally, destroy the session.
session_destroy();
If it does not work then let me know your PHP version
Trying to temporary store information in a multipage sign up. Because I don't want old sessions to mess with the new sign up data I'm trying to destroy the old session. The problem is the following.
Not working:
signup1.php
//Start new session
session_regenerate_id(TRUE);
session_destroy();
unset($_SESSION);
session_start();
//Store values in session
$_SESSION['created'] = time();
//Redirect to second step
header('Location: '.$settings->siteurl.'signup2.php');
exit();
signup2.php
<pre>
<?php
//Print $_SESSION (empty array)
print_r($_SESSION);
?>
Working (but returns old $_SESSION values + updated values):
//Start new session
session_regenerate_id(TRUE);
//Store values in session
$_SESSION['created'] = time();
//Redirect to second step
header('Location: '.$settings->siteurl.'signup2.php');
exit();
What could resolve the problem? First session_start(); is set in init.php but it doesn't matter if I place it above session_regenerate_id(TRUE), array stays empty.
You should use this first:
session_start(); // Starts a new or resumes an existing session
Then you may use:
session_regenerate_id(TRUE); // regenerates the active session id
The TRUE/delete_old_session parameter is used for:
Whether to delete the old associated session file or not.
The session_regenerate_id is useful to prevent session hijacking and it just regenerates a new id but keeps session data. This should be used when user's access level changes or using a time interval (i.e. after every 10 minutes) but before you regenerate another new session id you need to start the session first.
I am having problems with a custom start session.For security reasons I decide to look for a method that is safe when starting a session and I came across this tutorial and implemented the method related to start session.
The problem is that whenever I am initiating a new session variable and redirect to another page which is expecting the value from the initialized session, all my session variable that I initialed earlier on get destroyed forcing the user to logout.Below is my function I am using to start sessions:
function sec_session_start(){
$session_name = 'sec_session_id';//set a custom session Name
$secure = false;//true if are using https
$httponly = true; //this stops javascript from accessing session id
ini_set('session.use_only_cookies', 1);//FORCES session to only use cookies
$cookie_params = session_get_cookie_params();//Get current cookie params
session_set_cookie_params($cookie_params['lifetime'],$cookie_params['path'],$cookie_params['domain']
,$secure,$httponly);
session_name($session_name);//set the session name to the one set above
if (!isset($_SESSION)){session_start();}//start the php session
session_regenerate_id();//regenerate new session id and delete the old one THIS IS TO PREVENT SESSION HIJACK
}
I have searched for an answer to my problem with no luck, Please help me on this.
N.B - when I use the default session_start
everything works perfect.
You should start session, not when $_SESSION is not set.
if (!isset($_SESSION)){session_start();}//start the php session
session_regenerate_id();//regenerate new session id and delete the old one THIS IS TO PREVENT SESSION HIJACK
should be
session_start();//Start new or resume existing session
session_regenerate_id();//regenerate new session id and delete the old one THIS IS TO PREVENT SESSION HIJACK
Reference: session_regenerate_id
Try to put session_start() at top of your php code, as first instruction.
When I log a user out of an app I am building I use session_destroy();
But when I go back to the page, all session variables are still set.
How can I completely destroy all session variables and ultimately require a user to log back in again?
Here is my code:
session_unset(); // clears all session variables
$_SESSION = array();
session_destroy(); // deletes session id
Thanks
After using session_destroy(), the session cookie is removed and the session is no longer stored on the server. The values in $_SESSION may still be available, but they will not be on the next page load.
If you need to clear the values of $_SESSION, set the array equal to an empty array:
Of course, you can't access the values of $_SESSION on another page once you call session_destroy, so it doesn't matter that much.Still if you are concerned .
Try the following:
session_destroy();
$_SESSION = array(); // Clears the $_SESSION variable
you are not calling session_destroy() for sure, your code may be unable to access it.
Post more code so we could help you
I am the administrator of the site. I want unset a particular session, and I know its session id.
The users are just starting the session like this:
session_id("usernumber");
session_start();
Let’s say user A has usernumber "123".
I want to destroy all the values of the user A. User A will not regenerate the sessio_id() after setting that as session_id("123");.
How can I unset destroy only for user A?
Answer by Jack Luo on php.net
$session_id_to_destroy = 'nill2if998vhplq9f3pj08vjb1';
// 1. commit session if it's started.
if (session_id()) {
session_commit();
}
// 2. store current session id
session_start();
$current_session_id = session_id();
session_commit();
// 3. hijack then destroy session specified.
session_id($session_id_to_destroy);
session_start();
session_destroy();
session_commit();
// 4. restore current session id. If don't restore it, your current session will refer to the session you just destroyed!
session_id($current_session_id);
session_start();
session_commit();
Without reverse enginering the session handler....
<?php
session_id($_GET['killsid']);
session_start();
session_destroy() || die "failed to kill";
You could try to get session_save_path() (in this directory session files are stored).
When you are using default session names the filename looks like sess_jgimlf5edugvdtlaisumq0ham5 where jgimlf5edugvdtlaisumq0ham5 is user session id so you can just unlink this file unless you dont have permissions to edit those files.
As far as I know, the only supported way to do so with the default session handler is to impersonate the user with session_id("usernumber"); and then remove the values.
You could also store sessions in a database, which would make this all pretty straightforward, yet you need to write your own session handling code.
BTW, the session ID is supposed to be a long random string which you cannot guess. Using 123 means that any anonymous visitor can easily log in with any user credentials.