I have a logout file for my web application. I would like to create a session after the logout so that I can echo a logout success message. My logout code works but I am unable to create a new session after destroying the previous one.
What is the best way to do this? See code:
//LOGOUT.PHP
session_start();
//// unset all $_SESSION variables
session_regenerate_id();
session_unset();
session_destroy();
$_SESSION['logoutsuccess'] = 'You have successfully logged out.';
header("Location: /login/");
exit;
//LOGIN.PHP (ECHO SUCCESS MESSAGE)
if(isset($_SESSION['logoutsuccess']))
{
echo '<div class="success">'.$_SESSION['logoutsuccess'].'</div>';
unset($_SESSION['logoutsuccess']);
}
I would like to avoid passing variables in the url if possible.
Call session_start() again after session_destroy()?
Just start a new session:
session_start();
session_destroy();
session_start();
$_SESSION['food'] = 'pizza';
Instead of trying to store it as a session variable, you could check the referer and check for /logout/
if(strpos($_SERVER['HTTP_REFERER'], 'logout') !== false) {
echo 'You have successfully logged out.';
}
session_id($session_id_to_destroy);
session_start();
session_destroy();
session_commit();
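An added example, not taken from any of the posts above, showing one way to carry the logout message in a fresh session: the old session's data is cleared and its ID replaced, so the pre-logout cookie value no longer maps to anything, and the message is escaped when it is displayed. The function names `logout_with_flash()` and `take_flash()` are hypothetical; the session key and redirect target are the ones from the question.

```php
<?php
declare(strict_types=1);

// Hypothetical helper: end the login session and leave a one-time message behind.
function logout_with_flash(string $message, string $redirectTo): void
{
    if (session_status() === PHP_SESSION_NONE) {
        session_start();
    }
    // Drop everything stored for the logged-in user.
    $_SESSION = [];
    // Issue a new session ID and delete the old session's server-side data.
    session_regenerate_id(true);
    // The new, otherwise empty session carries only the message.
    $_SESSION['logoutsuccess'] = $message;
    // Flush the session to storage before the browser follows the redirect.
    session_write_close();
    header('Location: ' . $redirectTo, true, 303);
    exit;
}

// Hypothetical helper: read a one-time message, remove it, return it HTML-escaped.
function take_flash(string $key): ?string
{
    if (session_status() === PHP_SESSION_NONE) {
        session_start();
    }
    if (!isset($_SESSION[$key]) || !is_string($_SESSION[$key])) {
        return null;
    }
    $message = $_SESSION[$key];
    unset($_SESSION[$key]);
    return htmlspecialchars($message, ENT_QUOTES, 'UTF-8');
}

// logout.php:
//   logout_with_flash('You have successfully logged out.', '/login/');
// login.php:
//   if (($msg = take_flash('logoutsuccess')) !== null) {
//       echo '<div class="success">' . $msg . '</div>';
//   }
```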
Was just wondering why my code isn't working here:
<?php
session_start();
if (isset($_SESSION)) {
session_unset();
session_destroy();
}
?>
I've tried printing out the result of echo isset($_SESSION) and it returns true, and my pages that require login are still allowing me to access them.
You must definitely define a variable as session
for example:
LOGIN
<?php
session_start();
if($_POST['username']){
$_SESSION['username'] =$_POST['username']; // session run
}
?>
LOGOUT
<?php
session_start();
if($_POST['LOGOUT']=='exit'){
#session_unset();
}
?>
You can also use
unset($_SESSION['username']);
instead of
session_unset();
I have designed a website and there is a logout option in a sub menu. The code is in HTML and is here:
<p>logout</p>
Now this successfully brings me back to the adminlogin.php page, but after that, whenever I press the back button at the top of the web browser, I go to the page where I was before pressing the logout button. This should not happen: if I have pressed the logout button, there should be no way to go back to that page unless I log in again.
To avoid browser back button after logout:
You have to add a check at the top of each page to see if the user is logged in. If not, they should be redirected to a login page:
Example:
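<?php
session_start(); // the session must be started before $_SESSION is read
if(!isset($_SESSION['username']) && !isset($_SESSION['useremail'])){
header("Location: login.php"); // redirect to login page or index page if email and username is not set in session
exit; // stop here so the rest of the protected page is not sent along with the redirect
}
?>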
Now on the logout page, simply unset the username and useremail session variables, and destroy the session (or cookies), whichever you set.
Example:
<?php
if(isset($_GET['logout'])) {
session_start();
session_destroy();
unset($_SESSION["username"]);
unset($_SESSION["useremail"]);
header('Location: index.php');
exit;
}
?>
Working CODE For All Pages After User Login: Home.php about.php contact.php etc..
Example:
<?php
// After User Login and come to home page.
require 'database_conn.php'; // Connection
session_start(); // Session start
?>
<?php
// If User is Not Login Then Redirect to `index` Page Automatically
//if(!isset($_SESSION['username']) && !isset($_SESSION['useremail']))
if(!isset($_SESSION['useremail'])){
header("Location: index.php");
// Redirect to index page if email is not set in session
exit; // stop here so the protected page body is not sent with the redirect
}
?>
Working CODE For to Logout User: Logout.php
Example:
<?php
// After User Click On Logout page.
require 'database_conn.php'; // Connection
session_start(); // Session start
?>
<?php
if(isset($_POST['logout'])) {
if(isset($_SESSION['useremail'])){
unset($_SESSION["useremail"]);
session_destroy();
session_unset();
header('Location: index.php');
exit; // stop the script once the redirect header is sent
}
}
?>
Simple Logout Button
Logout
logout.php
<?php
if(isset($_GET['logout'])) {
session_start();
session_destroy();
header('Location: login.php');
exit;
}
?>
Or If Cookie Set Then
<?php
if(isset($_GET['logout'])) {
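unset($_COOKIE['access_token']); // only removes the value from this request
// Expire the cookie in the browser too; path and domain must match the ones used when it was set.
setcookie('access_token', '', time() - 3600);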
header('Location: login.php');
exit;
}
?>
You need session to do this.
So basically when you logged in you need to set session variable like
$_SESSION['loged_in']=1; // set session with desired name
And on logging out you need to destroy this session value
unset($_SESSION["loged_in"]); // unset specific session
or
session_destroy(); // destroy al
And the most important part: you need to check for this session value on each page where you don't want the user to go without logging in, like
if(empty($_SESSION['loged_in'])) { // not set or empty means not logged in
header('Location: login.php'); // redirect to log in page
exit;
}
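For the back-button question above, an added example (not code from any of the answers) of a page guard that stops the script after redirecting and tells the browser not to keep a copy of protected pages. The function name `require_login()` and the file name are hypothetical; the `username` session key and `login.php` target are taken from the answers.

```php
<?php
declare(strict_types=1);

// auth_guard.php (hypothetical name): include this file and call
// require_login() before any output on every protected page.
function require_login(string $loginUrl = 'login.php'): void
{
    if (session_status() === PHP_SESSION_NONE) {
        session_start();
    }

    // Ask the browser and intermediaries not to store the page, so the back
    // button has to re-request it and hits the check below again.
    // Sent explicitly so it does not depend on the session.cache_limiter setting.
    header('Cache-Control: no-store, no-cache, must-revalidate, max-age=0');
    header('Pragma: no-cache');
    header('Expires: 0');

    // No authenticated user in the session: redirect and stop.
    if (empty($_SESSION['username'])) {
        header('Location: ' . $loginUrl, true, 303);
        // Without exit the rest of the protected page would still be
        // generated and sent in the body of the redirect response.
        exit;
    }
}

// Usage at the top of home.php, about.php, contact.php, ...:
//   require 'auth_guard.php';
//   require_login();
```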
I'm pretty noob in PHP but I'm trying to exercise. Since yesterday I'm on a problem I can't even understand, I thought my code was correct but it seems wrong
So here is my function to allow pages for logged users only
functions.php
function logged_only()
{
if(session_status() == PHP_SESSION_NONE)
{
session_start();
}
if(!isset($_SESSION['auth']))
{
$_SESSION['flash']['danger'] = "You can't enter this page - not logged in";
header('Location: login/login.php');
exit();
}
}
So It's supposed to redirect me to login page if I'm not logged-in, simple
login.php
elseif(password_verify($_POST['password'], $user->password)){
$_SESSION['auth'] = $user;
$_SESSION['flash']['success'] = 'You\'re now connected'; // apostrophe escaped inside the single-quoted string
header('Location: ../profile.php'); // user's homepage
exit();
There is some code above and under this, but it works pretty good.
So in this case the script should insert the user's information into his $_SESSION, but it does nothing but redirect me to login.php. Also, "profile.php" only contains "logged_only();" and a print_r (when I delete the redirection to login.php) of the $_SESSION, which shows nothing but "You can't access this page" (as I'm sending a message via $_SESSION).
Can someone guide me? Thanks
You maybe should read about the session_start() in PHP: PHP Manual
In short words: session_start() starts a new session or recovers the already existing session with the client.
So after each redirect (also to your login.php) you need to call session_start().
There is no need for
if (session_status() == PHP_SESSION_NONE){
session_start();
}
You should only use
session_start();
(In both, your functions.php and your login.php) before accessing the $_SESSION variable.
functions.php
function logged_only(){
session_start();
if(!isset($_SESSION['auth'])){
$_SESSION['flash']['danger'] = "You can't enter this page - not logged in";
header('Location: login/login.php');
exit();
}
}
login.php
session_start();
// ... Rest of code
elseif(password_verify($_POST['password'], $user->password)){
$_SESSION['auth'] = $user;
$_SESSION['flash']['success'] = 'You\'re now connected'; // apostrophe escaped inside the single-quoted string
header('Location: ../profile.php'); // user's homepage
exit();
<?php
include('session_sty_chk.php');
session_start();
if(session_destroy()) // Destroying All Sessions
{
//echo "<script>alert('$login_sessionn log out successfully');</script>";
echo"<script>window.location.href = 'index_sty_chk.php';</script>";
//header("Location: index.php"); // Redirecting To Home Page
}
?>
The above code is the session destroy code.
In my application I create two sessions.
Session names:
1: admin
2: society user
When I click on the logout button, it destroys both the admin and society user sessions.
So sir, I want to destroy only the society user session in the application, so please help me solve it.
unset($_SESSION['society user']);
use this code
From the php website:
<?php
$session_id_to_destroy = 'nill2if998vhplq9f3pj08vjb1';
// 1. commit session if it's started.
if (session_id()) {
session_commit();
}
// 2. store current session id
session_start();
$current_session_id = session_id();
session_commit();
// 3. hijack then destroy session specified.
session_id($session_id_to_destroy);
session_start();
session_destroy();
session_commit();
// 4. restore current session id. If don't restore it, your current session will refer to the session you just destroyed!
session_id($current_session_id);
session_start();
session_commit();
?>
Link: http://php.net/manual/en/function.session-destroy.php#114709
I have created a login/logout system in my application but it's not working even using session_start();, session_destroy(); and session_unset (); etc.
Here is what I have done so far:
the first page (login)
<?php
if(
!isset($_SERVER['PHP_AUTH_USER'])||
!isset($_SERVER['PHP_AUTH_PW'])||
($_SERVER['PHP_AUTH_USER'])!="admin"||
($_SERVER['PHP_AUTH_PW']!="admin")
)
{
header('WWW-Authenticate: Basic realm="Accès refusé"');
echo 'Accès refusé';
exit;
}
else
session_start ();
$_SESSION['PHP_AUTH_USER'] = "admin";
$_SESSION['PHP_AUTH_PW'] = "admin";
echo '
and this is the logout part
<?php
session_start();
session_unset ();
session_destroy();
header("Location: index.php");
die;
?>
The problem is that the session is not destroyed, even when clicking the logout button.
You are using HTTP authentication.
Cookies and sessions do not have any influence on HTTP authentication.
"No correct way exists" to logout.
Create another login/logout system, it's not hard.