Not sure what to do... I have this on my logout page:
<?php
setcookie ("session_key", "", time() - 3600);
session_start();
$_SESSION = array();
session_unset();
session_destroy();
header('Location:login.php');
?>
But still, when a new user "signs up" after logging out, they get the same session id, which causes some issues with logging in, as multiple people then have the same session id.
Ideas?
What is wrong with session_regenerate_id(true); $_SESSION = array(); ?
It seems to do exactly what you want.
Related
How do I delete the session id while trying to destroy the session ?
session_start();
$_SESSION['foo'] = 'bar';
# clear the session variable
session_unset();
# delete the session
session_destroy();
# NOW WHAT ? HOW DO I UNSET THE SESSION-ID OR DELETE IT ?
Not sure I understand the question, but by deleting the cookie? (default name: PHPSESSID)
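session_start();
session_destroy();
// Only the first five cookie params (lifetime, path, domain, secure, httponly)
// map onto setcookie()'s positional arguments; PHP 7.3+ also returns 'samesite',
// which would be one argument too many.
$params = array_slice(array_values(session_get_cookie_params()), 0, 5);
$args = array_merge(array(session_name(), ''), $params);
$args[2] = time() - 3600; // replace the lifetime with an expiry time in the past
call_user_func_array('setcookie', $args);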
session_destroy just deletes the file (default handler) storing data, but if the cookie is not removed, the session id will be kept (and reused on the next call of session_start).
session_start(); // initialize the session variables
session_unset(); // clear the $_SESSION variable
if(isset($_COOKIE[session_name()])) {
setcookie(session_name(),'',time()-3600); # Unset the session id
}
session_destroy(); // finally destroy the session
The PHP code below is login_successful.php, which is shown after the user logs in. On this page I want to display his 'username' and a logout link.
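<?php
session_start();
// session_is_registered() was removed in PHP 5.4; check $_SESSION directly
if (!isset($_SESSION['myusername'])) {
    // the redirect has to be sent before any output, and the script must
    // stop here so the rest of the page is not sent to a logged-out visitor
    header("location:home.html");
    exit;
}
?>
<html>
<head>
</head>
<body>
Welcome $myusername //here i want to display logged in user's name
Login Successful
</body>
</html>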
How should I put a logout link in this page without using another logout.php file?
Why use another page for logout? Do it like this
<?php
session_start(); // a session must be active before it can be destroyed
if(isset($_POST['logout'])) {
//Unset cookies and other things you want to
session_destroy();
header('Location: login.php'); //Don't forget to redirect
exit;
}
?>
<form method="POST">
<input type="submit" name="logout" />
</form>
You have to check whether the session has his username and then display it, something like:
session_start();
if(isset($_SESSION['username'])){
    // escape the stored name before writing it into the page
    echo "Hello, " . htmlspecialchars($_SESSION['username']);
    echo "Logout";
}
You can always call session_destroy() to (guess what) destroy your sessions! From the manual:
session_destroy() destroys all of the data associated with the current session. It does not unset any of the global variables associated with the session, or unset the session cookie.
More important than using session_destroy() is making sure you reset the cookie (if any is used) by setting its time one hour back: time() - 3600, like:
setcookie ("YourCookieName", "", time() - 3600);
I am setting up a login form.
Expected Result:
Echo session username on page after successful login.
Actual Result:
Login is successful. Session username does not echo. Appears as though session username either does not exist or it is not persisting to the next page.
Is there something wrong with the code below?
LOGIN.PHP
...
session_start();
if (mysql_num_rows($result) ==1)
{
session_regenerate_id();
$row = mysql_fetch_assoc($result);
$profileid = $row['userid'];
$profile = $row['username'];
//Set session
$_SESSION['profileid'] = $profileid;
//Put name in session
$_SESSION['profile'] = $profile;
//Close session writing
session_write_close();
//Redirect to user's page
header("location: index.php?msg=userpage");
exit();
}
...
INDEX.PHP
...
<?php
session_start();
if($_GET['msg']=="userpage")
{
echo $_SESSION['profile'];
}
...
Edited:
Put session_start in php tags.
Changed HTML to INDEX.PHP.
"If" brace closed.
Changed while to if in LOGIN.PHP.
Changed username to userpage
You don't need to be opening/closing sessions, it's not worth the extra lines of code. I also don't know why you're regenerating the session ID.
But, one thing is your HTML file is badly constructed, and it almost looks like the session_start() isn't inside any PHP tags, so it's not even being treated as code.
First of all, your HTML is yet PHP as it involves PHP tags only.
Replace while with if because you only want to set the $_SESSION variables once.
And for the last part what you are looking for is this
<?php
session_start(); //at the beginning of your script
if($_GET['msg']=="username")
{
echo $_SESSION['profile'];
}
?>
Make sure you eliminate all the whitespaces before the opening of your first <?php tag on your script as that gives potential header errors.
Close the if loop in the HTML file.
EDITED:
I did this simple code in my page and, as far as the session concept is concerned, the code is working fine... make corrections accordingly.
p1.php
<?php
session_start();
//Put name in session
$_SESSION['profile'] = "Pranav";
//Close session writing
//Redirect to user's page
header("location: p2.php?msg=userpage");
exit();
?>
p2.php
<?php
session_start();
if($_GET['msg']=="userpage")
{
echo $_SESSION['profile'];
}
?>
FOR NEW SESSION ID
USE THIS
$a = session_id();
I am working on an online ticket booking system where, after making a successful booking (after payment), I want to clear the session id. But the thing is I am not able to clear it, although I have used session_destroy() to destroy the session.
NB: I have echoed the session_id to check if it's reset or not.
URL: http://7sisters.in/7sislabs/
function book_final_tickets()
{
//var_dump($_SESSION);
$session_id = session_id();
$sql = "
UPDATE
tbl_seat_book
SET
final_book = 'Y'
WHERE
session_id = '$session_id'
";
//session_unset();
if($r = $this->db->executeQuery($sql)){
if(session_destroy()){
unset($session_id);
echo 'Booking successfull';
}
}
}
session_destroy() alone won't remove the client-side cookie, so the next time the user visits, they'll still have the same session id set (but their server-side session info will have been destroyed).
From the docs (emphasis mine):
session_destroy() destroys all of the data associated with the current
session. It does not unset any of the global variables associated with
the session, or unset the session cookie. ... In order to kill the
session altogether, like to log the user out, the session id must also
be unset. If a cookie is used to propagate the session id (default
behavior), then the session cookie must be deleted.
You can use session_regenerate_id(true) to generate a new session ID and delete the old one. Note that this will keep all of the information in $_SESSION as part of the new session ID, so you still need to use session_destroy if you want to clear the session info and start fresh.
e.g.
<?php
session_start();
$_SESSION['blah'] = true;
var_dump(session_id()); // q4ufhl29bg63jbhr8nsjp665b1
var_dump($_SESSION); // blah = true
session_unset();
session_destroy();
setcookie("PHPSESSID", "", 1); // See note below
session_start();
session_regenerate_id(true);
var_dump(session_id()); // gigtleqddo84l8cm15qe4il3q3
var_dump($_SESSION); // (empty)
?>
and the headers will show the session ID changing on the client-side:
Request Header
Cookie:PHPSESSID=q4ufhl29bg63jbhr8nsjp665b1
Response Header
Set-Cookie:PHPSESSID=deleted; expires=Mon, 27-Dec-2010 16:47:57 GMT
PHPSESSID=gigtleqddo84l8cm15qe4il3q3; path=/
(You can get away without the setcookie() call here, since you're creating a new session anyway, so the cookie will be overwritten by the new ID, but it's good practice to explicitly destroy the old cookie).
After destroying the session with session_destroy(), this worked for me:
setcookie('PHPSESSID',"",time()-3600,'/');
The key for me was setting the path to '/'. That was the only way to really destroy the cookie.
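The steps these answers describe (clear the data, expire the cookie with the same path and domain it was issued with, destroy the server-side record), put together as an added example that is not code from any of the posts above. The function name `end_session` is hypothetical, and the array form of `setcookie()` assumes PHP 7.3 or later:

```php
<?php
// Added example; end_session() is a hypothetical name, not from the thread.
function end_session(): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();          // the session must be loaded to be destroyed
    }

    $_SESSION = [];               // drop the data held in this request

    // The browser only replaces a cookie whose name, path and domain match,
    // so reuse the parameters the session cookie was issued with instead of
    // hard-coding them. A mismatched path leaves the old ID in the browser.
    if (ini_get('session.use_cookies')) {
        $p = session_get_cookie_params();
        setcookie(session_name(), '', [
            'expires'  => time() - 3600,
            'path'     => $p['path'],
            'domain'   => $p['domain'],
            'secure'   => $p['secure'],
            'httponly' => $p['httponly'],
        ]);
    }

    session_destroy();            // remove the server-side session record
}

end_session();
header('Location: login.php');
exit;                             // stop so nothing else runs after the redirect
```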
Call session_id before session_start, and set session_id manually.
Example 1: same session_id will be used
<?php
session_start();
echo session_id(); //4ef975b277b52
session_destroy();
session_start();
echo session_id(); //4ef975b277b52
?>
Example 2: set session_id manually (called before session_start())
<?php
session_id(uniqid());
session_start();
echo session_id(); //4ef975d3d52f5 (A)
session_destroy();
session_id(uniqid());
session_start();
echo session_id(); //4ef975d3b3399 (B)
?>
(A) != (B), so you can set session_id manually, see http://php.net/manual/en/function.session-id.php for more information.
Another solution: don't use session_id(), just create a new session array:
<?php
$_SESSION['booked'] = false;
if($r = $this->db->executeQuery($sql))
{
$_SESSION['booked'] = true;
echo 'Booking successfull';
}
?>
Try this:
unset($session_id);
session_destroy();
Instead of
session_destroy();
I'd rather do only a
session_regenerate_id(true);
and you will get a new session_id
When a user logs in on our website, I want to change the session ID but keep whatever data is in the session. I want to do this for two reasons:
To prevent a user account to be used at multiple places simultaneously (because if two people are using the same account, the actions of one will undermine the actions of the other).
To let the user continue what he/she was doing on another computer (e.g moving from home computer to work).
These might seem contradictory, but really aren't if you think it through.
The problem is as follows; to get to the data that is currently in the session, I have to call session_start(). This means I cannot call session_id() afterwards to set a new session ID. Any ideas how to transfer the session data and change the session ID.
Update: I need to be able to choose the session ID myself. session_regenerate_id() therefore won't work.
You might be able to use session_regenerate_id():
<?php
session_start();
$old_sessionid = session_id();
session_regenerate_id();
$new_sessionid = session_id();
echo "Old Session: $old_sessionid<br />";
echo "New Session: $new_sessionid<br />";
print_r($_SESSION);
?>
or even a cruder approach might work:
// save the session
session_start();
$session = array();
foreach ($_SESSION as $k => $v) {
$session[$k] = $v;
}
session_commit();
// create new session and copy variables
session_id("new session id");
session_start();
foreach ($session as $k => $v) {
$_SESSION[$k] = $v;
}
Use this. Put it to a function:
function update_session($newsessid = '') {
// Backup the current session
$session_backup = $_SESSION;
// Set current session to expire in 1 minute
$_SESSION['OBSOLETE'] = true;
$_SESSION['EXPIRES'] = time() + 60;
// Close the current session
session_write_close();
// Set a new session id and start the session
$newSession = session_id($newsessid);
session_start();
// Restore the previous session backup
$_SESSION = $session_backup;
// Clean up
unset($session_backup);
unset($_SESSION['OBSOLETE']);
unset($_SESSION['EXPIRES']);
}
You would then call it when required:
update_session($customid);
Or, you may just be able to use something like this:
$path=session_save_path();
$whatever_session_id;
pass these variables to the next page:
session_id($whatever_session_id);
session_save_path($path);
You'd be setting the path of the new session id to the old session data....
I don't know if this is really what you'd want, but here it is.
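A version of the ID swap discussed in this thread that keeps the session data and lets the caller choose the ID, assuming PHP 7.1 or later and that it runs before any output is sent. It is an added example, not code from any of the answers; `rotate_session`, `check_obsolete` and the `obsolete_after` key are hypothetical names:

```php
<?php
// Added example; function names and the 'obsolete_after' key are hypothetical.

// Move the current session data to a new ID, optionally chosen by the caller.
function rotate_session(?string $newId = null): string
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    $data = $_SESSION;

    // Leave only an expiry marker under the old ID: a request already in
    // flight still finds a session, but the old ID stops working shortly.
    $_SESSION = ['obsolete_after' => time() + 60];
    session_write_close();

    // A caller-chosen ID must be as unpredictable as a generated one;
    // session_create_id() uses the session engine's own generator.
    $newId = $newId ?? session_create_id();
    if (!preg_match('/^[A-Za-z0-9,-]{22,256}$/', $newId)) {
        throw new InvalidArgumentException('unsuitable session ID');
    }

    // Strict mode refuses IDs that have no stored session yet.
    ini_set('session.use_strict_mode', '0');
    session_id($newId);
    session_start();
    $_SESSION = $data;            // same data, now stored under the new ID
    return session_id();
}

// Call right after session_start() on every request.
function check_obsolete(): void
{
    if (isset($_SESSION['obsolete_after']) && $_SESSION['obsolete_after'] < time()) {
        $_SESSION = [];
        session_destroy();            // remove the stale record
        session_start();
        session_regenerate_id(true);  // and hand the client a fresh ID
    }
}
```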