session_regenerate_id doesn't work together with session_destroy - php

I found session_regenerate_id will not work together with session_destroy(); please see:
This one works:
<?php
session_start();
$old='old is: '.session_id();
session_regenerate_id(true);
echo $old;
echo '<br>';
echo 'new is: '.session_id();
?>
This one failed, returning 2 identical session ID numbers:
<?php
session_start();
$old='old is: '.session_id();
session_regenerate_id(true);
session_destroy();
session_unset();
session_start();
echo $old;
echo '<br>';
echo 'new is: '.session_id();
?>
I use PHP 5.3.3. The second one is a recommended method to produce a new session, but why does it not work on my side?
Thanks everyone. After tests, I found session_destroy must be invoked before session_regenerate_id(), or session_regenerate_id never works.
<?php
session_start();
$_SESSION['abc']=12323;
$old='old is: '.session_id();
session_unset();
session_destroy();
session_start();
session_regenerate_id(true);
echo $old;
echo '<br>';
echo 'new is: '.session_id();
?>

session_start();
$old='old is: '.session_id();
session_destroy();
session_start();
session_regenerate_id(true);
echo $old;
echo '<br>';
echo 'new is: '.session_id();

Place session_unset(); above session_destroy(); or remove session_unset(); completely, as you are destroying the session.
Try this code:
<?php
session_start();
$oldSessionId ='Old session ID is: ' . session_id() . '<br />';
echo $oldSessionId;
session_destroy();
session_start();
session_regenerate_id(true);
echo 'New session ID is: ' . session_id();
?>
You can also add in the following code after session_destroy() if you wish
setcookie(session_name(),'',0,'/');
Hope this helps

You should destroy session first. Try this:
session_destroy();
session_unset();
setcookie(session_name(), null, 0, "/");
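
An added example (not code from any post in this thread) that produces an empty session under a new ID without calling session_destroy() at all. The function name is hypothetical, and it assumes PHP 7.1+ with cookie-based sessions and no output sent before the call.

```php
<?php
// Added example, not code from the thread. rotate_to_empty_session() is a
// hypothetical name. Assumes PHP 7.1+ and cookie-based sessions.

/**
 * Replace the current session with an empty one under a new ID.
 * Returns [old ID, new ID] so the caller can log or display the rotation.
 */
function rotate_to_empty_session(): array
{
    // Regeneration only works on an active session.
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    $oldId = session_id();

    // Drop the data first so nothing is carried over to the new ID.
    $_SESSION = [];

    // true => the old session's stored data is deleted; the session stays
    // active and a Set-Cookie header carrying the new ID is queued.
    if (!session_regenerate_id(true)) {
        throw new RuntimeException('session ID could not be regenerated');
    }

    // No session_destroy() + session_start() after this point: a restart in
    // the same request takes its ID from the cookie the browser sent, which
    // is still the old ID, so the regenerated ID would be lost.
    return [$oldId, session_id()];
}

[$old, $new] = rotate_to_empty_session();
echo 'old is: ' . htmlspecialchars($old) . '<br>';
echo 'new is: ' . htmlspecialchars($new);
```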

Related

How to avoid accessing session variables in php after logout?

I have a profile page in my website that welcomes the user with his/her name using session variable. After I unset this variable, the page can still access that name. I cannot properly erase the data.
I've tried to set it to null, session_unset and session_destroy
<?php #session_start(); ob_start(); ?>
//Some HTML code here
<?php
if( isset($_SESSION["user"]) && $_SESSION["login"]) {
echo '<div><p>welcome ' .$_SESSION["user"]. '!</p></div>';
echo
"<form action='' method='post'>
<input type='submit' name='use_button' value='Log out' />
</form>";
if(isset($_POST['use_button'])) {
$_SESSION["login"] = false;
unset($_SESSION["user"]);
session_unset();
echo "logout successful.";
echo '<script>window.location.href = "same-page.php";</script>';
}
}
else
echo 'no login data.';
?>
//Some HTML code here
<?php ob_end_flush(); ?>
I expected that after the redirect, the first if condition would not be satisfied and it gives the output 'no login data' but it still can access the session variables.
External php file:
<?php
session_start();
$_SESSION["user"] = '' ;
$_SESSION["login"] = false ;
echo '<script>window.location.href = "../profile.php";</script>';
?>
I think you can do this by destroying the session by using session_destroy() Method.
session_destroy() destroys all of the data associated with the current session. It does not unset any of the global variables associated with the session, or unset the session cookie. To use the session variables again, session_start() has to be called.
You can read more about it at session_destroy()
Here you are doing session destroy, but you also need to unset that particular variable from the sessions array, just like below, before destroying the session.
unset($_SESSION['user']);
Put this line immediately after your redirect line
echo '<script>window.location.href = "same-page.php";</script>'; // redirect
exit; // close current php script after redirect

PHP session not logging out / unset

I know this question has many duplicates, but I tried several of them and none of those have been answered.
Here is my code for logout.php:
<?php
session_start();
require './codefiles/dbhelper.php';
$dbh = new DbHelper();
$dbh->Execute('UPDATE surveyors SET LoggedIn=\'0\', SessionID=\'\' WHERE Username=\''.$_SESSION['username'].'\'');
session_unset();
session_abort();
session_destroy();
$_SESSION = array();
unset($_SESSION['username']);
unset($dbh);
header('location:index.php');
?>
But the session variables are just too "stubborn" to be removed. Neither are the session values being cleared nor are the session variables being removed. Object $dbh is being unset but not $_SESSION['username'];
Another unrelated problem: although I am setting LoggedIn = 0 in my SQL query, it just stays as 1 in the database. The LoggedIn field is of type 'bit'. The SessionID field is set to blank though.
Any solutions please?
EDIT:
Removed echo $dbh->error as it was unnecessary.
EDIT 2:
Added session_destroy() as suggested by Hossam Magdy.
<?php
include 'codefiles/dbhelper.php';
if(!isset($_SESSION['id']))
{
header ("Location: login_form.php");
}
else
{
session_destroy();
die('You have been logged out.<meta http-equiv="refresh" content="0;url=login_form.php">');
}
?>
This is basically the "Logout" structure.
I don't know why, but the code for destroying the sessions was somehow not working in logout.php. It worked in index.php and other files, but with all sorts of unpredictable behavior.
Found a workaround to circumvent the problem. The logout.php has code as below:
<?php
session_start();
$_SESSION['logout'] = TRUE;
header('location:index.php');
?>
And add this code to index.php:
<?php
# Implement logout functionality
session_start();
if(isset($_SESSION['logout']) && $_SESSION['logout'] == TRUE){
foreach($_SESSION as $var => $value){
unset($_SESSION[$var]);
}
session_destroy();
session_unset();
}
?>
It may not be a standardized solution, but the code works for me every time, with no unpredictable behavior.
Thanks everyone for sharing their ideas.
Try this
<?php
session_start();
require './codefiles/dbhelper.php';
$dbh = new DbHelper();
$dbh->Execute('UPDATE surveyors SET LoggedIn=\'0\', SessionID=\'\' WHERE Username=\''.$_SESSION['username'].'\'');
echo session_status() . '<br />';
session_unset();
session_destroy();
echo session_status();
// header('location:index.php');
Let's see what session_status() says.
But on my projects unset && destroy work.

session can not be cleared

Look at the example code directly:
<?php
// page1.php
session_start();
echo 'Welcome to page #1';
$_SESSION['favcolor'] = 'green';
$_SESSION['animal'] = 'cat';
$_SESSION['time'] = time();
echo '<br />page 2';
?>
And another page:
<?php
// page2.php
session_destroy();
session_unset();
session_start();
echo 'Welcome to page #2<br />';
echo $_SESSION['favcolor']; // green
echo $_SESSION['animal']; // cat
echo date('Y m d H:i:s', $_SESSION['time']);
echo '<br />page 1';
?>
Although I call session_destroy() and session_unset(), I still get the data coming from page1. Why? And how do I really clear the session? Thanks!
This should do the trick
session_start();
$_SESSION = array();
session_unset();
But just for clarity, this is happening to you because you have to call session_start() first
session_start();
session_destroy();
session_unset();
You have to start the session first on the second page, page2.php. Put session_start(); at the top of the second page.
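
An added example (not code from any of the posts) of a logout script that covers the points raised in the three logout threads above: start the session first, clear $_SESSION, expire the cookie, destroy the stored data, then redirect and exit. The function name and the index.php target are assumptions; it assumes PHP 7.1+ and cookie-based sessions.

```php
<?php
// logout.php: added example, not code from the posts above.
// end_session() is a hypothetical name; index.php is an assumed landing page.

/**
 * End the caller's session: in-memory data, stored data and browser cookie.
 * Must run before any output, because it sends headers.
 */
function end_session(): void
{
    // session_destroy() only acts on a session that has been started.
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }

    // session_destroy() leaves $_SESSION populated for the rest of the
    // request, so clear the array explicitly.
    $_SESSION = [];

    // Expire the cookie with the same path/domain/flags it was issued with;
    // otherwise the browser keeps sending the old session ID.
    if (ini_get('session.use_cookies')) {
        $p = session_get_cookie_params();
        setcookie(session_name(), '', time() - 42000,
            $p['path'], $p['domain'], $p['secure'], $p['httponly']);
    }

    // Remove the stored session data on the server.
    session_destroy();
}

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    end_session();
    header('Location: index.php', true, 303);
    exit; // stop here so nothing after the redirect runs
}

// Anything other than the logout form's POST is refused.
http_response_code(405);
header('Allow: POST');
```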

Help me with Php session vs Header redirect?

I have the following pages:
page1.php
<?php
if (isset($_GET['link'])) {
session_start();
$_session['myvariable'] = 'Hello World';
header('Location: http://' . $_SERVER['SERVER_NAME'] . dirname($_SERVER['REQUEST_URI']) . '/page2.php');
exit;
}
?>
Click Here
page2.php
<?php
print 'Here is page two, and my session variable: ';
session_start();
print $_session['myvariable']; //This line could not output.
exit;
?>
When I try to output $_session['myvariable'], I do not get the hello world message.
I could not find a solution to fix it.
$_SESSION not $_session. Uppercase.
error_reporting(E_ALL); at the top of the script always helps in such case
session_start() has to be called before you send any output as it relies upon cookies to store the ID.
Also $_SESSION is uppercase
<?php
session_start();
echo $_SESSION['myvariable'];
echo 'Here is page two, and my session variable: ';
exit;
?>
HTTP headers must be the very first output, so session_start() must be at the top of your code.
Other notes:
* $_SESSION should be uppercase.
* Echo > print

Get pre-session-id, but next php file still creates a new session

01.php:
<?php
$savepath="./se/";
$lifetime=10*3600;
session_save_path($savepath);
session_set_cookie_params($lifetime);
session_start();
$_SESSION['name']="aaajjj";
echo "name:".$_SESSION['name']."<br>";
$snid=session_id();
echo "snid:".$snid."<br>";
$url="next";
echo $url;
?>
02.php:
<?php
session_id($_GET['s']);
$snid01=session_id();
echo"snid01:".$snid01."<br>";
session_start();
$snid02=session_id();
echo"snid02:".$snid02."<br>";
if(isset($_SESSION['name'])){
echo "name:".$_SESSION['name']."<br>";
}else{
echo"close";
}
session_destroy();
?>
01.php output:
name:aaajjj
snid:aaaaaaaaa
next
02.php output:
snid01:aaaaaaaaa
snid02:bbbbbbbbb
close
The pre-session-id is already obtained from the "next" link, but 02.php still creates a new session.
