I am using the following code to invalidate the session. I have linked to logout.php in many pages. If that logout link is clicked the logout.php page is called. The following is the code in logout.php.
unset($_SESSION['admin']);
session_destroy();
header('Location: index.php');
Once the session is invalidated I want to open the page index.php.
But I am geting the following error:
Warning: session_destroy() [function.session-destroy]: Trying to destroy uninitialized session in C:\xampp\htdocs\Selection\logout.php on line 3
Warning: Cannot modify header information - headers already sent by (output started at C:\xampp\htdocs\Selection\logout.php:3) in C:\xampp\htdocs\Selection\logout.php on line 4
What is wrong?
I think that you can't have called the session_start() function before destroy the session.
You`ll need to call session_start() on top of the page to remind php that this pagecall belongs to the session. - At least PHP manual tells that.
The notes on that manual page give hint, that session_unset() is only to be used in older environments that are not using $_SESSION variable.
You have to open the session first:
header('Location: index.php');
session_start();
session_unset();
session_destroy();
The problem is that you can't destroy a session which hasn't been started. That is then raising a warning which is being echoed to the browser. The next problem is that you can't send headers after there's been output to the browser, so it raises another warning.
You just need to check if a session exists first:
if (session_name() != '') {
session_destroy();
}
You must ALWAYS use session_start(); BEFORE using a session function/variable. So start all PHP files with session_start();. Also logout.php:
session_start();
session_destroy();
header('Location: index.php');
You also don't need to unset it.
Related
On my page I have a session being created which can be accessed and called fine usually. However, I am adding a logout button which links to logout.php which only contains the lines
session_unset();
session_destroy();
Noting out the session_destroy, I've noticed that there is no error, but nothing happens to the current session. However, session_destroy is giving the following error. Similar questions show that this is because people have not called session start, but the session has been started in my login.php
You got error in your logout.php page. You wrote only two lines but try to add one line at the top of the page in your PHP scope.
session_start();
session_destroy();
It will work...!!!
I've got a problem with session_start() function.
This is the first time I met this problem, I have a few session variables. When I open logout.php file, session is destoryed. But then, when I call session_start(), all the previous session variables "revive".
logout.php
session_destroy();
header('Location: login.php');
Even when I delete all the $_SESSION data manually like:
$_SESSION = array();
those variables are still there after calling session_start();
I have no idea why does session_start work like that.
I hope you can help me, thanks in advance!
A novice php learner. I read in a book, and continue to see this at certain forums and tutorials that the statement: session_start() is required to access all global session variables. And yet, multiple solutions offered at stackoverflow suggest using a block of this sort:
if(!(_isset($_SESSION['user']))){
session_start()
}
to be able to access the session variables. Based on my understanding, the session variable $_SESSION['user'] could only have been set at a previous php file by starting a session, and is "only" visible to the current page after the session_start() statement is called. Yet it produces the notice:
Notice: A session had already been started - ignoring session_start().
what am i missing?
Thanks everybody!
Your first block of code should be checking if the session variable is set, rather than the user variable exists in the session:
if(!isset($_SESSION)) {
session_start();
}
However, if you just ensure that you only have a single session_start() per page then you can avoid the "A session had already been started" notice.
session_start() is required to read / set any session variables.
Generally, I would think your code should look like this:
session_start()
if(!(_isset($_SESSION['user']))){
// do stuff here
}
However, the error message implies that you have already started the session elsewhere in your file.
You might have auto_start turned on somewhere (php.ini, .htaccess, etc)?
http://www.php.net/manual/en/session.configuration.php#ini.session.auto-start
Here is a scenario where your error would be triggered :
index.php:
<?php session_start();
require_once('some-page.php'); ?>
some-page.php:
<?php session_start(); // this would make an error when included to index.nl ?>
some-page.php should not have session-start in it as index.php already has started the session.
Also note that going to another page or even closing the tab will not reset your session variables ! so if you set S_SESSION['user'] = 'someuser'; , you close the tab and go to the website again, the session is still there and $_SESSION['user'] would still have someuser as value ! to manualy destroy the session , use session_destroy();
I created a log out page and calling it through a href link but it not working the session was not destroying. Help me, the code n link are below.
logout.php
<?php
session_start();
session_unset();
session_destroy();
header("location:index.php");
?>
Make sure the file is on same server.
Write this code on the very top of everything else.
Additionally use this code
session_unset();
session_write_close();
session_destroy only destroys session on server end not the cookies, make sure you are not using cookies, if yes then see below code
To Set cookie
setcookie("cookieName", $value, time()+3600);
To Unset Cookie
setcookie("cookieName", $value, time()-36000);
More details about session: PHP: session_destroy - Manual
You probably need to regenerate the session ID:
session_regenerate_id();
In my application, when the user logs out, I want to destroy all the current user's sessions. Do I unset each session used in the application and then call session_destroy() or just call session_destroy()?
Thank you!
session_destroy() does not destroy all user's sessions. You would need to write to a persistent storage media (database, text file, etc.) and then call session_destroy() to kill it's own session. Then, have all pages check it when they load. If it has some special command in it (for example, normal is 0, destroy command is 1), have them call session_destroy().
session_unset(): Remove all session vars. In the 1rst F5 no longer display the session variables.
session_destroy(): Delete the current session. In the 2dn F5 no longer display the session variables.
Therefore your logout.php script could be:
<?php
session_start();
...
// remove all session variables
session_unset();
// destroy the session
session_destroy();
// Redirect to home
header("Location: home.php");
exit();
The session_destroy() function should unset all sessions that you have set. So yes, you should only have to call that. You can test it by calling session_destroy() then trying to echo a session value, if it echoes then it's not worked, if an error of some description appears, then the session has successfully been destroyed.