darkywarkey Posted May 27, 2008 Share Posted May 27, 2008 I've created a user authentication session control which is working fine. The problem I'm having is when I logout a registered user, the session appears to be unset on the first load of the page but any subsequent page loads show the user that was just logged out active again. Using php 5.2.6 and the logout script is as follows... <?php session_start(); unset($_SESSION['valid_user']); session_destroy(); ?> Any ideas what could cause this? ??? ??? Quote Link to comment Share on other sites More sharing options...
jonsjava Posted May 27, 2008 Share Posted May 27, 2008 you could always do this: <?php session_start(); unset($_SESSION['valid_user']); $_SESSION['valid_user'] = false; session_destroy(); ?> I'm not sure how much good that will do, but if for any reason your session doesn't unset, it will be set to false. Quote Link to comment Share on other sites More sharing options...
darkywarkey Posted May 27, 2008 Author Share Posted May 27, 2008 Hmm doesn't help. Seems like something else is going on. Could some sort of cookie configuration be causing the problem? Quote Link to comment Share on other sites More sharing options...
jonsjava Posted May 27, 2008 Share Posted May 27, 2008 are you using sessions, or cookies? Quote Link to comment Share on other sites More sharing options...
darkywarkey Posted May 27, 2008 Author Share Posted May 27, 2008 Just sessions, as far as I know. I haven't written any code messing with the cookies, but I'm not too familiar with cookies or the configuration settings for them, thats the only reason I suggest that could be the problem. Quote Link to comment Share on other sites More sharing options...
jonsjava Posted May 27, 2008 Share Posted May 27, 2008 if you aren't setting cookies, and your site doesn't use cookies, then I don't see how cookies could be the issue. If you are using cookies and sessions, I don't know how to help there. I don't ever deal with cookies. Quote Link to comment Share on other sites More sharing options...
darkywarkey Posted May 27, 2008 Author Share Posted May 27, 2008 Then I'm not using them. I wasn't sure if there was something in the php.ini that could be auto setting them. Not familiar with cookies either. Any other ideas? Quote Link to comment Share on other sites More sharing options...
jonsjava Posted May 27, 2008 Share Posted May 27, 2008 try this: <?php session_start(); session_unset(); session_destroy(); header("location:index.php"); exit(); ?> Quote Link to comment Share on other sites More sharing options...
acidglitter Posted May 27, 2008 Share Posted May 27, 2008 i'm not sure, but i don't think you even need to use unset(). i think session_destroy() should be enough. on all the other pages, is there a code or file being loaded with the code that sets that session variable again? Quote Link to comment Share on other sites More sharing options...
gizmola Posted May 27, 2008 Share Posted May 27, 2008 Then I'm not using them. I wasn't sure if there was something in the php.ini that could be auto setting them. Not familiar with cookies either. Any other ideas? By default, PHP sessions do create cookies. This is actually a *good thing* IMNSHO. Pulled directly from the PHP manual --- // Initialize the session. // If you are using session_name("something"), don't forget it now! session_start(); // Unset all of the session variables. $_SESSION = array(); // If it's desired to kill the session, also delete the session cookie. // Note: This will destroy the session, and not just the session data! if (isset($_COOKIE[session_name()])) { setcookie(session_name(), '', time()-42000, '/'); } // Finally, destroy the session. session_destroy(); ?> Quote Link to comment Share on other sites More sharing options...
darkywarkey Posted May 27, 2008 Author Share Posted May 27, 2008 try this: <?php session_start(); session_unset(); session_destroy(); header("location:index.php"); exit(); ?> Didn't work... No code automatically loading the session. It's user authentication, so they have to login with a username/password, which then sets the session variable. After logging out and it apparently working (the script shows a login field again, which is only shown when the session variable is unset), I try clicking the home page again and it acts as if I never logged out, showing the previous users information once again. Quote Link to comment Share on other sites More sharing options...
acidglitter Posted May 27, 2008 Share Posted May 27, 2008 maybe its only your browser. does it still show that if you refresh the page / or if you clear all of your cookies then refresh the page? Quote Link to comment Share on other sites More sharing options...
darkywarkey Posted May 28, 2008 Author Share Posted May 28, 2008 maybe its only your browser. does it still show that if you refresh the page / or if you clear all of your cookies then refresh the page? Yep, it still shows. Nothing suggested so far has worked. I'm still ??? Quote Link to comment Share on other sites More sharing options...
darkywarkey Posted May 28, 2008 Author Share Posted May 28, 2008 Figured it out! Weird as this is... it was the way the various pages were being linked, as in their url's. Some links I coded without the 'www.' in front of the domain name, and some were. I guess the sessions were being kept seperate between the two url variations. Good to know. Guess that goes to show you should always be consistent in coding standards. Quote Link to comment Share on other sites More sharing options...
corbin Posted May 28, 2008 Share Posted May 28, 2008 Cookies are set by domain, and PHP must set it so that subdomains and domains are not considered one in the same when it sets the session cookie. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.