phpBB logout - php

I am able to log in with an integrated login system for my site and phpBB3. I am unable to log out... I tried destroying the session, or used ->logout();
I log in as:
$phpBBusername = $_SESSION['username'];
$phpBBpassword = $_SESSION['pswd'];
$result = $auth->login($phpBBusername, $phpBBpassword);

Maybe you've already found the answer but anyway:
<?php
define('IN_PHPBB', true);
$phpbb_root_path = '../phpBB3/';
$phpEx = substr(strrchr(__FILE__, '.'), 1);
include("../phpBB3/common.php");
$user->session_kill();
echo 'Logged out successfully!';
?>

Why not call the phpBB logout routine and pass your session ID? i.e.: forums.yourphpbbforum.com/ucp.php?mode=logout&sid=d8588ab20cf81e7234342523

public function myphpbb_logout()
{
define('IN_PHPBB', true);
global $phpEx, $user, $db, $config, $cache, $template;
$phpEx = 'php';
$phpbb_root_path = './forum/';
require_once($phpbb_root_path . 'common.php');
// get_include_path is a function and must be called with parentheses
set_include_path(get_include_path() . PATH_SEPARATOR . $phpbb_root_path);
//logout user
$user->session_kill();
$user->session_begin();
$user->session_kill();
}
Note you need to kill the session TWICE :)

Observe the following code for effecting a full clearing down of the PHP session and associated cookie information:
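<?php
// session_destroy() needs an active session; start one if none is active yet.
if (session_status() === PHP_SESSION_NONE) {
session_start();
}
// Unset all of the session variables.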
$_SESSION = array();
// If it's desired to kill the session, also delete the session cookie.
// Note: This will destroy the session, and not just the session data!
if (ini_get("session.use_cookies")) {
$params = session_get_cookie_params();
setcookie(session_name(), '', time() - 42000,
$params["path"], $params["domain"],
$params["secure"], $params["httponly"]
);
}
// Finally, destroy the session.
session_destroy();
?>
This should do what you need.

Related

Can Not Delete Session And Cookie

I am new to PHP sessions.
I have used cookies plenty in the past.
I can't seem to get rid of this cookie - no matter what I do!
I seem to be able to clear the session - but the cookie remains.
I have tried all of these: .. and MORE:
<?php
// Initialize the session.
// If you are using session_name("something"), don't forget it now!
session_start();
// Unset all of the session variables.
$_SESSION = array();
// If it's desired to kill the session, also delete the session cookie.
// Note: This will destroy the session, and not just the session data!
if (ini_get("session.use_cookies")) {
$params = session_get_cookie_params();
setcookie(session_name(), '', time() - 42000,
$params["path"], $params["domain"],
$params["secure"], $params["httponly"]
);
}
// Finally, destroy the session.
session_destroy();
if (isset($_SERVER['HTTP_COOKIE'])) {
$cookies = explode(';', $_SERVER['HTTP_COOKIE']);
foreach($cookies as $cookie) {
$parts = explode('=', $cookie);
$name = trim($parts[0]);
setcookie($name, '', time()-1000);
setcookie($name, '', time()-1000, '/');
}
}
?>
above from: http://php.net/manual/en/function.session-destroy.php
<script>
var cookies = document.cookie.split(";");
for (var i = 0; i < cookies.length; i++)
eraseCookie(cookies[i].split("=")[0]);
</script>
What would be some of the reasons why the cookies do not delete?
This is because of how a session works in PHP. When you start a session, a unique string is generated which acts as the cookie value for the session. All the data that you store in the session is stored in a file corresponding to that unique string. When you destroy a session, it does not destroy the session string; rather, it destroys the values corresponding to that string that are stored on the server.
So even though the cookies are there, there is no data corresponding to them, and hence for the next request the session would effectively be empty.

Destroy the Session File after logout

I have this code for Login where I am storing following in the session variables:
if($do == "login") {
session_start();
$_SESSION["valid"] = true;
$_SESSION["studentUniqueId"] = $user_row['studentUniqueId'];
$_SESSION["loginName"] = $loginName;
$_SESSION["timeout"] = $now;
}
The session file looks like this:
valid|b:1;studentUniqueId|s:5:"10001";loginName|s:13:"abc#gmail.com";timeout|s:19:"2015-07-01 18:26:32";
Also the code for logout where I am destroying the user session:
if($do == "logout") {
session_start();
$_SESSION = array();
session_unset();
session_destroy();
}
After logout the session file contains:
valid|b:0;
Even though I have used session_destroy(), after logout the session file exists with valid|b:0; in my server's Temp directory, and the size of the temp directory increases considerably.
I want to get rid of these files after session_destroy()/logout, which is not the case now.
Is there any way I am going wrong with the code?
Edit 2: (for erasing complete session data, you can use the code below)
ini_set('session.gc_maxlifetime', 0);
ini_set('session.gc_probability', 1);
ini_set('session.gc_divisor', 1);
Edit 1 (original): Try this from the PHP manual
<?php
// Initialize the session.
// If you are using session_name("something"), don't forget it now!
session_start();
// Unset all of the session variables.
$_SESSION = array();
// If it's desired to kill the session, also delete the session cookie.
// Note: This will destroy the session, and not just the session data!
if (ini_get("session.use_cookies")) {
$params = session_get_cookie_params();
setcookie(session_name(), '', time() - 42000,
$params["path"], $params["domain"],
$params["secure"], $params["httponly"]
);
}
// Use this too
ini_set('session.gc_maxlifetime', 0);
ini_set('session.gc_probability', 1);
ini_set('session.gc_divisor', 1);
// Finally, destroy the session.
session_destroy();
?>

PHP: delete cookie before redirect fails [duplicate]

This question already has answers here:
How can I set a cookie and then redirect in PHP?
(6 answers)
Closed 9 years ago.
There are a lot of posts about that issue; nevertheless, I'm unable to fix it. I try to delete a cookie in order to log off the user in PHP and do a redirect afterwards:
$currentCookieParams = session_get_cookie_params();
session_set_cookie_params($currentCookieParams['lifetime'], '/', $currentCookieParams['domain'], $currentCookieParams['secure'], true);
session_name("PHPAUTH");
session_start();
$_SESSION = array();
if (ini_get("session.use_cookies"))
{
$params = session_get_cookie_params();
setcookie(session_name(), '', time() - 42000, $params["path"], $params["domain"], $params["secure"], $params["httponly"]);
}
session_destroy();
header("Location: http://localhost/Home/Index");
exit;
But the cookie is still there. When I disable the redirect, the cookie is deleted successfully. But with the redirect, the cookie isn't deleted anyway.
How can I ensure that the cookie is deleted with the redirect afterwards?
EDIT:
It seems my own code recreated the cookie in the next request. I want to check whether the user is still logged on and if not redirect to the login page:
$currentCookieParams = session_get_cookie_params();
session_set_cookie_params($currentCookieParams['lifetime'], '/', $currentCookieParams['domain'], $currentCookieParams['secure'], true);
session_name("PHPAUTH");
session_start();
if (!array_key_exists('angemeldet', $_SESSION) || !$_SESSION['angemeldet'])
{
header("Location: http://localhost/Account/LogOn");
exit;
}
How can I check this without recreating the cookie? Maybe a stupid question, but I'm quite confused at the moment...
I think a header() function must be above any other kind of function. If I'm right and you still want your programming format like that, you could try if this code would work:
if (ini_get("session.use_cookies"))
{
$params = session_get_cookie_params();
setcookie(session_name(), '', time() - 42000, $params["path"], $params["domain"], $params["secure"], $params["httponly"]);
}
session_destroy();
echo '<meta http-equiv="REFRESH" content="0;url=http://localhost/Home/Index">';
exit;
But of course, only if you like to do it so. I'm just giving you an example, and I'm not sure if combining <meta http-equiv="REFRESH" content="0;url=http://localhost/Home/Index"> with your syntax, would work.
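One way to do the check from the EDIT without recreating the cookie, as an added example that is not part of the original posts: call session_start() only when the request already carries the PHPAUTH cookie. The function names are hypothetical; the cookie name, the angemeldet flag and the LogOn URL are the ones used in the question.

```php
<?php
// Added example, not code from the thread. Function names are hypothetical;
// PHPAUTH, 'angemeldet' and the LogOn URL are the values used in the question.
const SESSION_COOKIE = 'PHPAUTH';

// Same cookie settings as the question: path '/', HttpOnly on.
function configure_session(): void
{
    $p = session_get_cookie_params();
    session_set_cookie_params($p['lifetime'], '/', $p['domain'], $p['secure'], true);
    session_name(SESSION_COOKIE);
}

// Expire the cookie with the same path and domain it was issued with;
// a deletion sent with a different path or domain does not match it.
function expire_session_cookie(): void
{
    $p = session_get_cookie_params();
    setcookie(session_name(), '', time() - 42000,
        $p['path'], $p['domain'], $p['secure'], $p['httponly']);
}

// True only when the request carries a session marked as logged on.
function is_logged_on(): bool
{
    configure_session();
    // No cookie: do not call session_start(), which would create a fresh
    // session and send a new PHPAUTH cookie to an anonymous visitor.
    if (!isset($_COOKIE[SESSION_COOKIE])) {
        return false;
    }
    session_start();
    if (!empty($_SESSION['angemeldet'])) {
        return true;
    }
    // Cookie present but not logged on: drop the data and the cookie.
    $_SESSION = array();
    expire_session_cookie();
    session_destroy();
    return false;
}

if (!is_logged_on()) {
    header('Location: http://localhost/Account/LogOn');
    exit;
}
```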

Php sessions being lost

I do the following to set my session; this works because the echo appears. But when I go to the next page or another, the session is not there. What am I doing wrong?
$session_start();
if ($username==$dbusername&&$password==$dbpassword)
{
echo"<b>Login Successful</b><br><a href='systemadmin.html'><br>Click here to access the <strong>System Admin Page</strong></a>";
$_session['username']=$dbusername;
if($username == "admin")
{
$_session['admin'] = true;
}
I am trying to get the following to work with these sessions:
<?php
session_start();
if($_session['admin'] == true)
{
// do nothing
}else{
header( 'Location: home.html' ) ;
}
?>
Update:
The uppercase sessions work, but now the sessions aren't destroying when I use the logout.php
<?php
session_start();
session_destroy();
header("location: home.html");
?>
$_session should be => $_SESSION.
http://php.net/manual/en/reserved.variables.session.php
The first works because you are setting a 'normal' variable (which is available for the request).
UPDATE
To destroy the session:
<?php
// Initialize the session.
// If you are using session_name("something"), don't forget it now!
session_start();
// Unset all of the session variables.
$_SESSION = array();
// If it's desired to kill the session, also delete the session cookie.
// Note: This will destroy the session, and not just the session data!
if (ini_get("session.use_cookies")) {
$params = session_get_cookie_params();
setcookie(session_name(), '', time() - 42000,
$params["path"], $params["domain"],
$params["secure"], $params["httponly"]
);
}
// Finally, destroy the session.
session_destroy();
?>
http://php.net/manual/en/function.session-destroy.php#example-4368
Additionally, you should always use exit(); after you do a redirect to prevent further execution of the script.
PHP Server/Session/Global variables are case sensitive. To PHP, $_SESSION is NOT the same variable as $_session, even though to you in English, they seem to be. You must use $_SESSION, not $_session in order to access the PHP Session variables as you are expecting.
You have to use exit(); after the header(); because the script doesn't always end right after the user redirects to a new page.
The name of the superglobal is $_SESSION in uppercase letters. Try changing that and see if it helps.

a log-out hyperlink in PHP?

In case somebody knows, how can I make a hyperlink in PHP...
<?php
echo( 'Log-out' );
?>
that would not only navigate to the first page, but also remove cookies?
Thanks!
You can make another page which clears all the cookies (i.e. sets them to expire in the past) and then redirects to index.php:
<?php
// page: clear.php
session_start();
$_SESSION = array();
session_destroy();
setcookie('cookie1', '', strtotime('-2 days'));
setcookie('cookie2', '', strtotime('-2 days'));
// etc.
header('Location: index.php');
exit();
I usually use the method prescribed by the manual:
<?php
// Initialize the session.
// If you are using session_name("something"), don't forget it now!
session_start();
// Unset all of the session variables.
$_SESSION = array();
// If it's desired to kill the session, also delete the session cookie.
// Note: This will destroy the session, and not just the session data!
if (ini_get("session.use_cookies")) {
$params = session_get_cookie_params();
setcookie(session_name(), '', time() - 42000,
$params["path"], $params["domain"],
$params["secure"], $params["httponly"]
);
}
// Finally, destroy the session.
session_destroy();
?>
The only thing that remains is header('Location: index.php');
Submit a parameter in your link like index.php?logout=true, check for that parameter in your index.php and if set, delete cookies:
http://php.net/manual/de/function.setcookie.php
If you set the "lifetime" (expire) of a cookie to something in the past (or leave it out completely), it will be removed on the next pageload (do a Google search for "php delete cookie" to find help). Force a page reload, if needed.
You may also want to destroy the user's session.
Here's your HTML link
Log-out
And your PHP to handle logging out
if(isset($_GET['logout'])) {
// clear the session variable, display logged out message
}
Use link like that:
<?php
echo( 'Log-out' );
?>
And index.php is:
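<?php
// A session must be active before session_destroy() can remove it.
session_start();
// Avoid an undefined-index notice when the parameter is absent.
$link = isset($_GET["link"]) ? $_GET["link"] : '';
if ($link == "logout")
{
    session_destroy();
}
?>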
In the navigation menu:
Log out
In logout.php:
<?php
// kill the session
header('Location: index.php');
exit();
For killing the session, see the example at session_destroy() in the PHP manual.
Logout Link:
Log Out
logout.php
<?php
session_start();
session_destroy();
?>
