Jump to content

[SOLVED] Sessions not DYING!!!!

Clinton

By Clinton
in PHP Coding Help

 Share

Recommended Posts

Clinton Regular Member

Clinton

Posted
Posted

My sessions not dying no matter what I do. I'm on my computer (localhost) so I don't know if that has anything to do with it but I would assume not. I've tried everything and even the code below, which unsets my only two session variables and then destroys everything, still keeps me logged in.

 

Why?  :-\

 

<?php

session_start();
$_SESSION = array();
unset($_SESSION['user_id']);
unset($_SESSION['logged_in']);
session_destroy();
header( "Location: index.php" );
?>

Link to comment
https://forums.phpfreaks.com/topic/139154-solved-sessions-not-dying/
Share on other sites
Clinton Regular Member

Clinton

Posted
  • Author
Posted

Ok, give me a sec... here's my script code just in case...

 

<?
if(!$_SESSION['logged_in'])
	{
   			$query = mysql_query('SELECT prefix, lname FROM employers WHERE id = "'.mysql_real_escape_string($_SESSION['user_id']).'"');
		$row = mysql_fetch_assoc($query);
		extract($row);
?>

<div class="module_s2">
<div class="first">
<div class="sec">
<h2><? echo $prefix; echo $lname; ?></h2>
<div class="box-indent">
<div class="width">

Welcome back. You have the con.<br /> 
<p>
<a href="logout.php">Logout</a>
</p>

</div>
</div>
</div>
</div>
</div>
<?
	}
	else
	{
?>


<div class="module_s2">
<div class="first">
<div class="sec">
<h3>Login</h3>
<div class="box-indent">
<div class="width">
<form action="<?=$_SERVER['PHP_SELF']?>" method="post" name="login" class="form-login">

<?
if(isset($_POST['login']))
    {
if($_POST['username']!='' && $_POST['password']!='')
	{
		//Use the input username and password and check against 'users' table
		$query = mysql_query('SELECT id, username, active FROM users WHERE username = "'.mysql_real_escape_string($_POST['username']).'" AND password = "'.mysql_real_escape_string(md5($_POST['password'])).'"');

		if(mysql_num_rows($query) == 1)
		{
			$row = mysql_fetch_assoc($query);
			if($row['active'] == NULL)
			{
				$_SESSION['user_id'] = $row['id'];
				$_SESSION['logged_in'] = TRUE;
			}
			else {
				$error = 'You have not activated your membership yet. Please open the email that we sent and click on the activation link <br />';
			}
		}
		else {
			$error = 'Login failed! <br />'; echo $_POST['username']; echo $_POST['password'];
		}
	}
	else {
		$error = 'Please use both your username and password to access your account <br />';
	}
}
  ?>

<?php if(isset($error)){ echo $error;}?>

<label for="mod_login_username"> 	Username	</label>
<input name="username" class="inputbox"/>
<label for="mod_login_password"> 	Password	</label>
<input type="password" name="password" class="inputbox"  /><br />
<input type="checkbox" name="remember" class="checkbox" value="yes" />
<label for="mod_login_remember" class="remember"> 	Remember Me	</label>
<input type="submit" name="login" class="button" value="login" />
<p>
<a href="passwordreset.php"> Forgot your password? </a>
</p>
<p>
<a href="usernamefind.php"> Forgot your username?</a>
</p>
<p>
No Account Yet?		<a href="register.php"><br />
Create an account</a>
</p>
</form>
</div>
</div>
</div>
</div>
</div>
<? } ?>
<? /////END LOGIN//// ?>

Clinton Regular Member

Clinton

Posted
  • Author
Posted

Tried that... lol... then I realized it's not echoing any rows. Ok...

 

If I use this :

 

<?
if(!$_SESSION['logged_in'])
	{
   			$query = mysql_query('SELECT prefix, lname FROM employers WHERE id = "'.mysql_real_escape_string($_SESSION['user_id']).'"');
		$row = mysql_fetch_assoc($query);
   			extract($row);
?>

 

It logs me in and finds the one user row just fine. BUT it does not log me out. It may be killing my user_id and logged_in but my session_id can still be echoed.

 

If I use:

 

<?
if(isset($_SESSION['logged_in']))
	{
   			$query = mysql_query('SELECT prefix, lname FROM employers WHERE id = "'.mysql_real_escape_string($_SESSION['user_id']).'"');
		$row = mysql_fetch_assoc($query);
   			extract($row);
?>

I can logout but my session id still remains and can be echoed. Then I have to enter my information twice to get a logged in status but it does not return any rows. 

Is there a way to kill the session id perhaps? Because this is just not working as for some reason the session id still remains...  ???

[code]

<?php
session_start();
session_unset();
session_destroy();
header( "Location: index.php" );
?>

Clinton Regular Member

Clinton

Posted
  • Author
Posted

I'm going to jump. It shouldn't be this hard. I can't remember having problems with this in the past.

 

This is the only thing in my logout.php page

 

<?php
session_start();
$_SESSION = array();
if(isset($_SESSION['user_id']) || isset($_SESSION['logged_in'])){
unset($_SESSION['user_id']);
unset($_SESSION['logged_in']);
session_destroy();
header( "Location: index.php" );
}
?>

 

and it's not going back to index.php nor is it killing the session.

redarrow Advanced Member

redarrow

Posted
Posted

Try this then.

 

<?php session_start();

$_SESSION = array();            
if (isset($_COOKIE[session_name()])) {
    setcookie(session_name(), '', time()-42000, '/');

session_destroy();
header( "Location: index.php" );
exit;
}
            
?>

Clinton Regular Member

Clinton

Posted
  • Author
Posted

Ok.... we're getting somewhere... it went right back to my index page and I noticed that the SESSION_ID had changed. Every time I go back and hit logout it gives me a new SES_ID. So what does that mean... that I'm resetting it somewhere in my code? Here's my entire index page.

 

<?php
session_start();
include 'connect/project.htm';
?>

<html>
<head>
<title>Welcome to test <?php echo session_id(); ?></title>

<link href="images/favicon.ico" rel="shortcut icon" type="image/x-icon" />
<link rel="stylesheet" href="index.css" type="text/css" />
<link rel="stylesheet" href="constant.css" type="text/css" />

</head>
<body>
<div id="tail">
	<div class="main">
		<div id="top">
			<div id="logo">
				<a href="index.php"><img src="images/logo.png" alt="" /></a>
			</div>
			<div class="right">
				<div id="topmenuposition">
				</div>
			<div id="topmenu">
				<div class="module_s10">
					<div>

						<div>
							<div>
										<ul class="menu-nav">
										<li class="item60"><a href="index.php"><span><em>Home</em></span></a></li>
										<li class="item29"><a href="aboutus.php"><span><em>About Us</em></span></a></li>
										<li class="item54"><a href="resources.php"><span><em>Resources</em></span></a></li>
										<li class="item55"><a href="press.php"><span><em>Press/Media</em></span></a></li>
										<li class="item56"><a href="contact.php"><span><em>Contact Us</em></span></a></li></ul>												</div>
						</div>
					</div>
				</div>
			</div>
			</div>
		</div>

<div id="header">
<div class="bg-right">
	<div class="bg-left">
		<div class="space"><img src="images/banner.png" alt="" /></div>
	</div>
</div>
</div>

<div id="breadcrumb">
<div class="module_breadcrumb">
	<div>
		<div>
			<div>
    					<span class="breadcrumbs pathway">

				<form name="search" action="search.php" method="POST">
				<select name="major" onchange='this.form.submit()'>
				<?php

    				$sql = "SELECT majors FROM degrees "."ORDER BY majors";

				$rs = mysql_query($sql);

				while($row = mysql_fetch_array($rs))
				{
    				extract($row);
  					echo "<option value='$majors'>$majors</option>";
				}

     				?>
                    </select>
				</form>
				</span>

			</div>
		</div>
	</div>
</div>
</div>

<div id="wrapper">
<div class="indent">
	<div id="right">
		<div class="module_menu">
			<div class="first">
				<div class="sec">
					<h3>Main Menu</h3>
						<div class="box-indent">
							<div class="width">
								<ul class="menu">
								<li id="current" class="active item1"><a href="index.php"><span><em>Home</em></span></a></li>
								<li class="item2"><a href="aboutus.php"><span><em>About Us</em></span></a></li>
								<li class="item50"><a href="resources.php"><span><em>Resources</em></span></a></li>
								<li class="item57"><a href="press.php"><span><em>Press/Media</em></span></a></li>
								<li class="item58"><a href="press.php"><span><em>Contact Us</em></span></a></li>
								<li class="item41"><a href="faq.php"><span><em>FAQ</em></span></a></li></ul>					</div>
						</div>
				</div>
			</div>
		</div>

<?php /// LOGIN START /// ?>

<?php
if(!$_SESSION['logged_in'])
	{
   			$query = mysql_query('SELECT prefix, lname FROM employers WHERE id = "'.mysql_real_escape_string($_SESSION['user_id']).'"');
		$row = mysql_fetch_assoc($query);
   			extract($row);
?>

<div class="module_s2">
<div class="first">
<div class="sec">
<h2><?php echo $row[prefix]; echo $row[lname];; ?></h2>
<div class="box-indent">
<div class="width">

Welcome back. You have the con.<br /> 
<p>
<a href="logout.php">Logout</a>
</p>

</div>
</div>
</div>
</div>
</div>
<?php
	}
	else
	{
?>


<div class="module_s2">
<div class="first">
<div class="sec">
<h3>Login</h3>
<div class="box-indent">
<div class="width">
<form action="<?=$_SERVER['PHP_SELF']?>" method="post" name="login" class="form-login">

<?php
if(isset($_POST['login']))
    {
if($_POST['username']!='' && $_POST['password']!='')
	{
		//Use the input username and password and check against 'users' table
		$query = mysql_query('SELECT id, username, active FROM users WHERE username = "'.mysql_real_escape_string($_POST['username']).'" AND password = "'.mysql_real_escape_string(md5($_POST['password'])).'"');

		if(mysql_num_rows($query) == 1)
		{
			$row = mysql_fetch_assoc($query);
			if($row['active'] == NULL)
			{
				$_SESSION['user_id'] = $row['id'];
				$_SESSION['logged_in'] = TRUE;
			}
			else {
				$error = 'You have not activated your membership yet. Please open the email that we sent and click on the activation link <br />';
			}
		}
		else {
			$error = 'Login failed! <br />'; echo $_POST['username']; echo $_POST['password'];
		}
	}
	else {
		$error = 'Please use both your username and password to access your account <br />';
	}
}
  ?>

<?php if(isset($error)){ echo $error;}?>

<label for="mod_login_username"> 	Username	</label>
<input name="username" class="inputbox"/>
<label for="mod_login_password"> 	Password	</label>
<input type="password" name="password" class="inputbox"  /><br />
<input type="checkbox" name="remember" class="checkbox" value="yes" />
<label for="mod_login_remember" class="remember"> 	Remember Me	</label>
<input type="submit" name="login" class="button" value="login" />
<p>
<a href="passwordreset.php"> Forgot your password? </a>
</p>
<p>
<a href="usernamefind.php"> Forgot your username?</a>
</p>
<p>
No Account Yet?		<a href="register.php"><br />
Create an account</a>
</p>
</form>
</div>
</div>
</div>
</div>
</div>
<?php } ?>
<?php /////END LOGIN//// ?>

	</div>

	<div id="content">
		<div class="content-tl">
			<div class="content-tr">
				<div class="width">
					<div id="boxes">
						<div id="box1">
							<div class="module">
								<div class="first">
									<div class="sec min-height">
										<div class="box-indent">
											<div class="width">
												<h3><span> Holders</span></h3>

		<table width="95%" border="0" cellspacing="0" cellpadding="1" class="boxtitle">
			<thead>
				<tr>
					<td> We've designed this with you in mind.	</td>
				</tr>
			</thead>
				<tr>
				<td align="center">
					<table class="pollstableborder" cellspacing="0" cellpadding="0" border="0">
						<table class="pollstableborder" cellspacing="0" cellpadding="0" border="0">
						<tr>
							<td> </td>
						<tr>
							<td>
							<label for="voteid1"> <img src="images/bullet.gif" alt="" />      </label>
							</td>
						</tr>
						<tr>
							<td>
							<label for="voteid1"> <img src="images/bullet.gif" alt="" />     We only allow eliminating clutter. </label>
							</td>
						</tr>
						<tr>
							<td>
							<label for="voteid1"> <img src="images/bullet.gif" alt="" />     No black holes.  </label>
							</td>
						</tr>
					</table>
				</td>
				</tr>

		</table>

					</div>
				</div>
			</div>
		</div>
	</div>
</div>

<div id="box2">
	<div class="module user2">
		<div class="first">
			<div class="sec min-height">
				<div class="box-indent">
					<div class="width">
						<h3><span>People</span></h3>
                                <table width="95%" border="0" cellspacing="0" cellpadding="1" class="boxtitle">
				<thead>
				<tr>
					<td> You need the best, here's why we are it:	</td>
				</tr>
				</thead>

				<table class="pollstableborder" cellspacing="0" cellpadding="0" border="0">

					</table><br />
					<center><a href="eregister.php" class="button">Continue </a></center>
							</table>
       					</div>
				</div>
			</div>
		</div>
	</div>
</div>
			</div>

		<div id="container">
			<div class="cont-left">
				<div class="cont-right">
					<div class="width">
																									<table class="blog" cellpadding="0" cellspacing="0">
	<tr>
		<td valign="top">
		<div>


		<table class="contentpaneopen">
			<tr>
				<td class="contentheading" width="100%">
				Welcome to test!
				</td>
			</tr>
		</table>

		<table class="contentpaneopen">
			<tr>
				<td>
				<div class="createdate bg"> 1 March 2009	</div>
				</td>
			</tr>


		</table>

		<span class="article_separator"> </span>
		</div>
		</td>
	</tr>
</table>

					</div>
				</div>
			</div>
		</div>
				</div>
			</div>
		</div>
	</div>
</div>
</div>

	</div>
</div>

<div id="footer">
<div class="bg">
	<div class="right-bg">
		<div class="left-bg">
			<div class="space">
					© 2009 test
			</div>
		</div>
	</div>
</div>
</div>

</body>
</html>

Clinton Regular Member

Clinton

Posted
  • Author
Posted

Could it have something to do with the session start?

 

"

 

Just like with our cookies, the

 

  1. session_start() 

 

session_start()

 

code must be in the header and you can not send anything to the browser before it. It’s best to just put it directly after the to avoid potential problems.

 

So how will it know it’s me? Most sessions set a cookie on your computer to uses as a key… it will look something like this: 350401be75bbb0fafd3d912a1a1d5e54. Then when a session is opened on another page, it scans your computer for a key. If there is a match, it accesses that session, if not it starts a new session for you. "

 

But that needs to be on every page, right?

Solar Regular Member

Solar

Posted
Posted

The log out didn't work. It's got to be something simple I'm missing. I'm just going to redo the whole thing from scratch.

 

But why the session_regenerate_id(true);? Why do you get a new session id for each page? What's the purpose?

 

Wouldn't you want to use a;

 

global $session;
$retval = $session->logout();

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.