from my logout.php :
<?php require_once("includes/session.php"); ?>
<?php require_once("includes/functions.php"); ?>
<?php
if ( isset( $_SESSION['colony_id']))
$cookie = $_SESSION['colony_id'] ;
$_SESSION = array();
if(isset($_COOKIE[session_name()])) {
setcookie(session_name(), '', time()-42000, '/');
}
session_destroy();
//this fails- session_start() ;
if ( !empty($cookie))
$_SESSION['colony_id'] = $cookie ;
// redirect_to("login.php?logout=1");
?>
I want to end the current session and then start a new session, with one of the variables from the old session in the new session. I tried adding a second session_start statement, but that had no effect. What else can I do ?
Thanks
Edit: I decided to redirect to a new page, on which a fresh session_start() statement created a new session
See this link :
http://bugs.php.net/bug.php?id=38042
it's a bug in php and it has a patch.
You could put the session variable into a normal variable, and then destroy the session and put it back in the session after you create a new one.
If you jsut have one variable you want to save, and you absolutly want to destroy the session:
Save the variable to a local variable, destroy the session, start a session, and then reload th session variable...
$localvar = $_SESSION['variable'];
session_destroy();
session_start();
$_SESSOIN['variable'] = $localvar;
Related
I am developing system with sessions in which I have put the code to start session after successful login and assigned values to session variables like $_SESSION['email']. Also, I have put a session destroy code, but the session doesn't seem to destroy. I have following files - index.php
This file grants the access to user for correct credentials with following code:
if(password_verify($password,$dbpass)){
$stmt = $conn->prepare("SELECT name, image FROM admins WHERE email=?");
$stmt->bind_param("s",$email);
$stmt->execute();
$stmt->store_result();
$stmt->bind_result($name,$image);
$stmt->fetch();
$_SESSION['name'] = $name;
$_SESSION['email'] = $email;
$_SESSION['image'] = $image;
header("Location:insert.php");
}
It works fine by setting session variables and redirects to intended file. In the file insert.php, I have imported file session.php which has below code:
session_start();
if(!isset($_SESSION['email'])){
header("Location:index.php");
}
also, I have a logout.php file which has following code:
if(isset($_SESSION['email'])){
session_destroy();
}
header("Location: index.php");
After running logout.php, if i again tries to access file insert.php, it opens, though the session file is imported in it. It should be redirected to index.php file. What is going wrong? Anyone please help.
Your session and your $_SESSION server variables are seperate.
The session will be broken but the variable won't be empty.
Try this:
session_start();
session_destroy();
//Now you can choose whether you want to unset all sessions, or specific one(s):
$unset_sessions = ['email'];
foreach($_SESSION as $session => $session_value) {
if (in_array($session, $unset_sessions))
unset($_SESSION[$session]);
}
//Or all of them:
$_SESSION = [];
Thought it'd be fun to also create a function out of this:
function breakSessions($specifics= []) {
if (!empty($specific)) { //Handle specifics
foreach($_SESSION as $session => $session_value) {
if (in_array($session, $specifics))
unset($_SESSION[$session]);
}
} else {
$_SESSION = [];
}
}
breakSessions(['login', 'remember_me']) //Specifics;
breakSessions(); //All of them```
if(isset($_SESSION['email'])){
session_start();
session_destroy();
}
header("Location: index.php");
You can't destroy a session without having "start" before. It's reccomended to have a session file which contains "session_start();" which you build templates from so that every page always have "session_start();"
I am having trouble in destroying session when user logout of its account. After logging out when i browse any page which is restricted to user not to access before login i can access that but if i close my browser after logging out and then try to access the page i cant. Please solve my problem so that user cannot access the pages after logging out even he/she has not closed the browser. Here's my code of logging out and destroying session.
<?php
// Initialize the session.
// If you are using session_name("something"), don't forget it now!
if(isset($_POST['logout'])){
session_start();
// Unset all of the session variables.
$_SESSION = array();
$_SESSION["Alogin"] = "";
// If it's desired to kill the session, also delete the session
cookie.
// Note: This will destroy the session, and not just the session data!
if (ini_get("session.use_cookies")) {
$params = session_get_cookie_params();
setcookie(session_name(), '', time() - 42000,
$params["path"], $params["domain"],
$params["secure"], $params["httponly"]
);
}
// Finally, destroy the session.
session_destroy();
}
?>
Session session_start() must be at the top
<?php
// Initialize the session.
session_start();
// If you are using session_name("something"), don't forget it now!
if(isset($_POST['logout'])){
//What ever you want
// Finally, destroy the session.
unset( $_SESSION );
session_destroy();
//redirect to loginpage
header('Location:../login.php');
exit;
}
?>
Put your session_start (); outside the if statement and
check with print_r ($_POST); if you send $_POST['logout']
<?php
include('session_sty_chk.php');
session_start();
if(session_destroy()) // Destroying All Sessions
{
//echo "<script>alert('$login_sessionn log out successfully');</script>";
echo"<script>window.location.href = 'index_sty_chk.php';</script>";
//header("Location: index.php"); // Redirecting To Home Page
}
?>
above code is session destroy code.
In my application i am create two session
Session name:-
1:-admin,
2:-society user
when i am click on logout button then destoy the bothe admin and society user session.
So sir i want destoy only society user session in the application so help me to solve it.
unset($_SESSION['society user']);
use this code
From the php website:
<?php
$session_id_to_destroy = 'nill2if998vhplq9f3pj08vjb1';
// 1. commit session if it's started.
if (session_id()) {
session_commit();
}
// 2. store current session id
session_start();
$current_session_id = session_id();
session_commit();
// 3. hijack then destroy session specified.
session_id($session_id_to_destroy);
session_start();
session_destroy();
session_commit();
// 4. restore current session id. If don't restore it, your current session will refer to the session you just destroyed!
session_id($current_session_id);
session_start();
session_commit();
?>
Link: http://php.net/manual/en/function.session-destroy.php#114709
Is there some correct way to regenerate session ID and unset old session? I DONT WANT delete it, but only unset.
i have this function
function sessionRegenerateID(){
session_start();
$ses = $_SESSION;
session_unset();
session_write_close();
session_start();
session_regenerate_id();
$_SESSION = $ses;
}
I have a logout file for my web application. I would like to create a session after the logout so that I can echo a logout success message. My logout code works but I am unable to create a new session after destroying the previous one.
What is the best way to do this, see code:
//LOGOUT.PHP
session_start();
//// unset all $_SESSION variables
session_regenerate_id();
session_unset();
session_destroy();
$_SESSION['logoutsuccess'] = 'You have successfully logged out.';
header("Location: /login/");
exit;
//LOGIN.PHP (ECHO SUCCESS MESSAGE)
if(isset($_SESSION['logoutsuccess']))
{
echo '<div class="success">'.$_SESSION['logoutsuccess'].'</div>';
unset($_SESSION['logoutsuccess']);
}
I would like to avoid passing variables in the url if possible.
Call session_start() again after session_destroy()?
Just start a new session:
session_start();
session_destroy();
session_start();
$_SESSION['food'] = 'pizza';
Instead of trying to store it as a session variable, you could check the referer and check for /logout/
if(strpos($_SERVER['HTTP_REFERER'], 'logout') !== false) {
echo 'You have successfully logged out.';
}
session_id($session_id_to_destroy);
session_start();
session_destroy();
session_commit();