[SOLVED] Can't Logout Of My Own Site - Related With Sessions?

[Vermillion]

It seems this only happens while my site is hosted elsewhere and not on my localhost.

 

<?php 

session_start();
session_destroy();
header("location:".$_SERVER['HTTP_REFERER']);

?>

 

That's my logout script. Only 7 lines on the whole file. On my localhost, I can logout without problems. But while it is hosted (I'm using 0000webhost.net as my host, if that matters), I have to clean my Session Cookies (thanks Web Developer Toolbar ) to log out. Otherwise the page keeps reloading, but it doesn't log me out.

 

This is the link to my site (on a freehost), so you can try out: http://vermillion.07x.net/vghack/index.php

 

Help?

[kratsg]

On first thought, it might the location of the session/cookie. Since it's on a different site, the location may not have changed. But then, what wonders is how you log on in the first place.

 

My second thought is perhaps, since it's set in cookies, you might have a session saved in a cookie... So, try php.net's version of destroying a session for sure:

<?php
// Initialize the session.
// If you are using session_name("something"), don't forget it now!
session_start();

// Unset all of the session variables.
$_SESSION = array();

// If it's desired to kill the session, also delete the session cookie.
// Note: This will destroy the session, and not just the session data!
if (isset($_COOKIE[session_name()])) {
    setcookie(session_name(), '', time()-42000, '/');
}

// Finally, destroy the session.
session_destroy();
?> 

[Vermillion]

I don't send any cookies with my loggin script (not yet, anyways ;P), except the session cookies that I didn't know they were sent until I started having this problem.

 

I still tried using that method though, and it still didn't work .

[PFMaBiSmAd]

Add the following two lines immediately after your <?php tag -

 

ini_set ("display_errors", "1");
error_reporting(E_ALL);

[Vermillion]

<?php

ini_set ("display_errors", "1");
error_reporting(E_ALL);

session_start();

$_SESSION = array();

if (isset($_COOKIE[session_name()])) {
    setcookie(session_name(), '', time()-42000, '/');
}

session_destroy();

header("location:".$_SERVER['HTTP_REFERER']);

?> 

 

Maybe I am not editing the code properly?

[slapdashgrim]

try both

<?php
unset($_SESSION);
session_destroy();
?>

[kratsg]

try both

<?php
unset($_SESSION);
session_destroy();
?>

 

You reminded me of a problem I've been having with this Generic ACP that I've been developing. It forces an auth-page to prompt for username//password, checks this, and keeps its own session. No sessions are involved with it, because of the manner of the script (I can elaborate on this further). But basically, when I try to log-out, by clearing off the username//pass filled in, it seems to stay logged on and I believe it's because of cache.

 

Another thing you can do, if you can't kill off the session, is to change it. If the script checks user/pass via session data, then you can give it a fake combination which would throw off to the script that it's an invalid combination.

[Vermillion]

...

This is the worst error I have made so far in my life.

Since it was online, and the link to logout was this one...

 

http://localhost/vghack/logout/index.php

 

It is obviously not going to work ! Haha, sorry for wasting your time guys...