Clinton Posted January 2, 2009 Share Posted January 2, 2009 My sessions not dying no matter what I do. I'm on my computer (localhost) so I don't know if that has anything to do with it but I would assume not. I've tried everything and even the code below, which unsets my only two session variables and then destroys everything, still keeps me logged in. Why? :-\ <?php session_start(); $_SESSION = array(); unset($_SESSION['user_id']); unset($_SESSION['logged_in']); session_destroy(); header( "Location: index.php" ); ?> Quote Link to comment Share on other sites More sharing options...
DeanWhitehouse Posted January 2, 2009 Share Posted January 2, 2009 try <?php session_start(); session_unset(); session_destroy(); header( "Location: index.php" ); ?> Quote Link to comment Share on other sites More sharing options...
Clinton Posted January 2, 2009 Author Share Posted January 2, 2009 No go. Quote Link to comment Share on other sites More sharing options...
DeanWhitehouse Posted January 2, 2009 Share Posted January 2, 2009 ok, do <?php session_start(); session_unset(); session_destroy(); echo $_SESSION['user_id']; exit(); header( "Location: index.php" ); ?> Does it print anything? Quote Link to comment Share on other sites More sharing options...
Clinton Posted January 2, 2009 Author Share Posted January 2, 2009 Ok, give me a sec... here's my script code just in case... <? if(!$_SESSION['logged_in']) { $query = mysql_query('SELECT prefix, lname FROM employers WHERE id = "'.mysql_real_escape_string($_SESSION['user_id']).'"'); $row = mysql_fetch_assoc($query); extract($row); ?> <div class="module_s2"> <div class="first"> <div class="sec"> <h2><? echo $prefix; echo $lname; ?></h2> <div class="box-indent"> <div class="width"> Welcome back. You have the con.<br /> <p> <a href="logout.php">Logout</a> </p> </div> </div> </div> </div> </div> <? } else { ?> <div class="module_s2"> <div class="first"> <div class="sec"> <h3>Login</h3> <div class="box-indent"> <div class="width"> <form action="<?=$_SERVER['PHP_SELF']?>" method="post" name="login" class="form-login"> <? if(isset($_POST['login'])) { if($_POST['username']!='' && $_POST['password']!='') { //Use the input username and password and check against 'users' table $query = mysql_query('SELECT id, username, active FROM users WHERE username = "'.mysql_real_escape_string($_POST['username']).'" AND password = "'.mysql_real_escape_string(md5($_POST['password'])).'"'); if(mysql_num_rows($query) == 1) { $row = mysql_fetch_assoc($query); if($row['active'] == NULL) { $_SESSION['user_id'] = $row['id']; $_SESSION['logged_in'] = TRUE; } else { $error = 'You have not activated your membership yet. Please open the email that we sent and click on the activation link <br />'; } } else { $error = 'Login failed! <br />'; echo $_POST['username']; echo $_POST['password']; } } else { $error = 'Please use both your username and password to access your account <br />'; } } ?> <?php if(isset($error)){ echo $error;}?> <label for="mod_login_username"> Username </label> <input name="username" class="inputbox"/> <label for="mod_login_password"> Password </label> <input type="password" name="password" class="inputbox" /><br /> <input type="checkbox" name="remember" class="checkbox" value="yes" /> <label for="mod_login_remember" class="remember"> Remember Me </label> <input type="submit" name="login" class="button" value="login" /> <p> <a href="passwordreset.php"> Forgot your password? </a> </p> <p> <a href="usernamefind.php"> Forgot your username?</a> </p> <p> No Account Yet? <a href="register.php"><br /> Create an account</a> </p> </form> </div> </div> </div> </div> </div> <? } ?> <? /////END LOGIN//// ?> Quote Link to comment Share on other sites More sharing options...
Clinton Posted January 2, 2009 Author Share Posted January 2, 2009 No, it does not echo anything. Quote Link to comment Share on other sites More sharing options...
DeanWhitehouse Posted January 2, 2009 Share Posted January 2, 2009 Then it is working You must be resetting the session on another page, although change if(!$_SESSION['logged_in']) to if(isset($_SESSION['logged_in'])) Quote Link to comment Share on other sites More sharing options...
Clinton Posted January 2, 2009 Author Share Posted January 2, 2009 Well i'm using that code on my only two pages I have setup right now so if the errors not there than I have no idea. :-| Quote Link to comment Share on other sites More sharing options...
DeanWhitehouse Posted January 2, 2009 Share Posted January 2, 2009 Did you try the above Quote Link to comment Share on other sites More sharing options...
Clinton Posted January 2, 2009 Author Share Posted January 2, 2009 lol.... yea, but it's acting really weird now. I have to login twice for it to work (yea, twice before it shows me as logged in) and then it's not liking my extract $row bit. Quote Link to comment Share on other sites More sharing options...
DeanWhitehouse Posted January 2, 2009 Share Posted January 2, 2009 Don't use it then Just do $row[row_name]; Quote Link to comment Share on other sites More sharing options...
Clinton Posted January 2, 2009 Author Share Posted January 2, 2009 Tried that... lol... then I realized it's not echoing any rows. Ok... If I use this : <? if(!$_SESSION['logged_in']) { $query = mysql_query('SELECT prefix, lname FROM employers WHERE id = "'.mysql_real_escape_string($_SESSION['user_id']).'"'); $row = mysql_fetch_assoc($query); extract($row); ?> It logs me in and finds the one user row just fine. BUT it does not log me out. It may be killing my user_id and logged_in but my session_id can still be echoed. If I use: <? if(isset($_SESSION['logged_in'])) { $query = mysql_query('SELECT prefix, lname FROM employers WHERE id = "'.mysql_real_escape_string($_SESSION['user_id']).'"'); $row = mysql_fetch_assoc($query); extract($row); ?> I can logout but my session id still remains and can be echoed. Then I have to enter my information twice to get a logged in status but it does not return any rows. Is there a way to kill the session id perhaps? Because this is just not working as for some reason the session id still remains... ??? [code] <?php session_start(); session_unset(); session_destroy(); header( "Location: index.php" ); ?> Quote Link to comment Share on other sites More sharing options...
redarrow Posted January 2, 2009 Share Posted January 2, 2009 Try this then. <?php session_start(); $_SESSION = array(); if(isset($_SESSION['user_id']) || isset($_SESSION['logged_in'])){ unset($_SESSION['user_id']); unset($_SESSION['logged_in']); session_destroy(); header( "Location: index.php" ); } ?> Quote Link to comment Share on other sites More sharing options...
Clinton Posted January 2, 2009 Author Share Posted January 2, 2009 I'm going to jump. It shouldn't be this hard. I can't remember having problems with this in the past. This is the only thing in my logout.php page <?php session_start(); $_SESSION = array(); if(isset($_SESSION['user_id']) || isset($_SESSION['logged_in'])){ unset($_SESSION['user_id']); unset($_SESSION['logged_in']); session_destroy(); header( "Location: index.php" ); } ?> and it's not going back to index.php nor is it killing the session. Quote Link to comment Share on other sites More sharing options...
DeanWhitehouse Posted January 2, 2009 Share Posted January 2, 2009 try removing $_SESSION = array(); Quote Link to comment Share on other sites More sharing options...
Clinton Posted January 2, 2009 Author Share Posted January 2, 2009 Negative. Quote Link to comment Share on other sites More sharing options...
DeanWhitehouse Posted January 2, 2009 Share Posted January 2, 2009 Try using the logout code i gave you earlier just put that if statement in. Also try the debug thing i showed you to find out if the session is destroyed. Quote Link to comment Share on other sites More sharing options...
redarrow Posted January 2, 2009 Share Posted January 2, 2009 Try this then. <?php session_start(); $_SESSION = array(); if (isset($_COOKIE[session_name()])) { setcookie(session_name(), '', time()-42000, '/'); session_destroy(); header( "Location: index.php" ); exit; } ?> Quote Link to comment Share on other sites More sharing options...
Clinton Posted January 2, 2009 Author Share Posted January 2, 2009 Ok.... we're getting somewhere... it went right back to my index page and I noticed that the SESSION_ID had changed. Every time I go back and hit logout it gives me a new SES_ID. So what does that mean... that I'm resetting it somewhere in my code? Here's my entire index page. <?php session_start(); include 'connect/project.htm'; ?> <html> <head> <title>Welcome to test <?php echo session_id(); ?></title> <link href="images/favicon.ico" rel="shortcut icon" type="image/x-icon" /> <link rel="stylesheet" href="index.css" type="text/css" /> <link rel="stylesheet" href="constant.css" type="text/css" /> </head> <body> <div id="tail"> <div class="main"> <div id="top"> <div id="logo"> <a href="index.php"><img src="images/logo.png" alt="" /></a> </div> <div class="right"> <div id="topmenuposition"> </div> <div id="topmenu"> <div class="module_s10"> <div> <div> <div> <ul class="menu-nav"> <li class="item60"><a href="index.php"><span><em>Home</em></span></a></li> <li class="item29"><a href="aboutus.php"><span><em>About Us</em></span></a></li> <li class="item54"><a href="resources.php"><span><em>Resources</em></span></a></li> <li class="item55"><a href="press.php"><span><em>Press/Media</em></span></a></li> <li class="item56"><a href="contact.php"><span><em>Contact Us</em></span></a></li></ul> </div> </div> </div> </div> </div> </div> </div> <div id="header"> <div class="bg-right"> <div class="bg-left"> <div class="space"><img src="images/banner.png" alt="" /></div> </div> </div> </div> <div id="breadcrumb"> <div class="module_breadcrumb"> <div> <div> <div> <span class="breadcrumbs pathway"> <form name="search" action="search.php" method="POST"> <select name="major" onchange='this.form.submit()'> <?php $sql = "SELECT majors FROM degrees "."ORDER BY majors"; $rs = mysql_query($sql); while($row = mysql_fetch_array($rs)) { extract($row); echo "<option value='$majors'>$majors</option>"; } ?> </select> </form> </span> </div> </div> </div> </div> </div> <div id="wrapper"> <div class="indent"> <div id="right"> <div class="module_menu"> <div class="first"> <div class="sec"> <h3>Main Menu</h3> <div class="box-indent"> <div class="width"> <ul class="menu"> <li id="current" class="active item1"><a href="index.php"><span><em>Home</em></span></a></li> <li class="item2"><a href="aboutus.php"><span><em>About Us</em></span></a></li> <li class="item50"><a href="resources.php"><span><em>Resources</em></span></a></li> <li class="item57"><a href="press.php"><span><em>Press/Media</em></span></a></li> <li class="item58"><a href="press.php"><span><em>Contact Us</em></span></a></li> <li class="item41"><a href="faq.php"><span><em>FAQ</em></span></a></li></ul> </div> </div> </div> </div> </div> <?php /// LOGIN START /// ?> <?php if(!$_SESSION['logged_in']) { $query = mysql_query('SELECT prefix, lname FROM employers WHERE id = "'.mysql_real_escape_string($_SESSION['user_id']).'"'); $row = mysql_fetch_assoc($query); extract($row); ?> <div class="module_s2"> <div class="first"> <div class="sec"> <h2><?php echo $row[prefix]; echo $row[lname];; ?></h2> <div class="box-indent"> <div class="width"> Welcome back. You have the con.<br /> <p> <a href="logout.php">Logout</a> </p> </div> </div> </div> </div> </div> <?php } else { ?> <div class="module_s2"> <div class="first"> <div class="sec"> <h3>Login</h3> <div class="box-indent"> <div class="width"> <form action="<?=$_SERVER['PHP_SELF']?>" method="post" name="login" class="form-login"> <?php if(isset($_POST['login'])) { if($_POST['username']!='' && $_POST['password']!='') { //Use the input username and password and check against 'users' table $query = mysql_query('SELECT id, username, active FROM users WHERE username = "'.mysql_real_escape_string($_POST['username']).'" AND password = "'.mysql_real_escape_string(md5($_POST['password'])).'"'); if(mysql_num_rows($query) == 1) { $row = mysql_fetch_assoc($query); if($row['active'] == NULL) { $_SESSION['user_id'] = $row['id']; $_SESSION['logged_in'] = TRUE; } else { $error = 'You have not activated your membership yet. Please open the email that we sent and click on the activation link <br />'; } } else { $error = 'Login failed! <br />'; echo $_POST['username']; echo $_POST['password']; } } else { $error = 'Please use both your username and password to access your account <br />'; } } ?> <?php if(isset($error)){ echo $error;}?> <label for="mod_login_username"> Username </label> <input name="username" class="inputbox"/> <label for="mod_login_password"> Password </label> <input type="password" name="password" class="inputbox" /><br /> <input type="checkbox" name="remember" class="checkbox" value="yes" /> <label for="mod_login_remember" class="remember"> Remember Me </label> <input type="submit" name="login" class="button" value="login" /> <p> <a href="passwordreset.php"> Forgot your password? </a> </p> <p> <a href="usernamefind.php"> Forgot your username?</a> </p> <p> No Account Yet? <a href="register.php"><br /> Create an account</a> </p> </form> </div> </div> </div> </div> </div> <?php } ?> <?php /////END LOGIN//// ?> </div> <div id="content"> <div class="content-tl"> <div class="content-tr"> <div class="width"> <div id="boxes"> <div id="box1"> <div class="module"> <div class="first"> <div class="sec min-height"> <div class="box-indent"> <div class="width"> <h3><span> Holders</span></h3> <table width="95%" border="0" cellspacing="0" cellpadding="1" class="boxtitle"> <thead> <tr> <td> We've designed this with you in mind. </td> </tr> </thead> <tr> <td align="center"> <table class="pollstableborder" cellspacing="0" cellpadding="0" border="0"> <table class="pollstableborder" cellspacing="0" cellpadding="0" border="0"> <tr> <td> </td> <tr> <td> <label for="voteid1"> <img src="images/bullet.gif" alt="" /> </label> </td> </tr> <tr> <td> <label for="voteid1"> <img src="images/bullet.gif" alt="" /> We only allow eliminating clutter. </label> </td> </tr> <tr> <td> <label for="voteid1"> <img src="images/bullet.gif" alt="" /> No black holes. </label> </td> </tr> </table> </td> </tr> </table> </div> </div> </div> </div> </div> </div> <div id="box2"> <div class="module user2"> <div class="first"> <div class="sec min-height"> <div class="box-indent"> <div class="width"> <h3><span>People</span></h3> <table width="95%" border="0" cellspacing="0" cellpadding="1" class="boxtitle"> <thead> <tr> <td> You need the best, here's why we are it: </td> </tr> </thead> <table class="pollstableborder" cellspacing="0" cellpadding="0" border="0"> </table><br /> <center><a href="eregister.php" class="button">Continue </a></center> </table> </div> </div> </div> </div> </div> </div> </div> <div id="container"> <div class="cont-left"> <div class="cont-right"> <div class="width"> <table class="blog" cellpadding="0" cellspacing="0"> <tr> <td valign="top"> <div> <table class="contentpaneopen"> <tr> <td class="contentheading" width="100%"> Welcome to test! </td> </tr> </table> <table class="contentpaneopen"> <tr> <td> <div class="createdate bg"> 1 March 2009 </div> </td> </tr> </table> <span class="article_separator"> </span> </div> </td> </tr> </table> </div> </div> </div> </div> </div> </div> </div> </div> </div> </div> </div> </div> <div id="footer"> <div class="bg"> <div class="right-bg"> <div class="left-bg"> <div class="space"> © 2009 test </div> </div> </div> </div> </div> </body> </html> Quote Link to comment Share on other sites More sharing options...
Clinton Posted January 2, 2009 Author Share Posted January 2, 2009 Could it have something to do with the session start? " Just like with our cookies, the 1. session_start() session_start() code must be in the header and you can not send anything to the browser before it. It’s best to just put it directly after the to avoid potential problems. So how will it know it’s me? Most sessions set a cookie on your computer to uses as a key… it will look something like this: 350401be75bbb0fafd3d912a1a1d5e54. Then when a session is opened on another page, it scans your computer for a key. If there is a match, it accesses that session, if not it starts a new session for you. " But that needs to be on every page, right? Quote Link to comment Share on other sites More sharing options...
redarrow Posted January 2, 2009 Share Posted January 2, 2009 every page should have session start. have you cheeked the time limit off your session 's in php.ini. maybe it set to high. cheek. Quote Link to comment Share on other sites More sharing options...
lokie538 Posted January 2, 2009 Share Posted January 2, 2009 This is the code I use: <?php unset($_SESSION); session_destroy(); header ( "Location: index.php" ); ?> Also everytime a user loads a page i use: session_regenerate_id(true); im a newbie so im not sure is this is the best way too go, but it seems too work Quote Link to comment Share on other sites More sharing options...
Clinton Posted January 2, 2009 Author Share Posted January 2, 2009 The log out didn't work. It's got to be something simple I'm missing. I'm just going to redo the whole thing from scratch. But why the session_regenerate_id(true);? Why do you get a new session id for each page? What's the purpose? Quote Link to comment Share on other sites More sharing options...
Solar Posted January 2, 2009 Share Posted January 2, 2009 The log out didn't work. It's got to be something simple I'm missing. I'm just going to redo the whole thing from scratch. But why the session_regenerate_id(true);? Why do you get a new session id for each page? What's the purpose? Wouldn't you want to use a; global $session; $retval = $session->logout(); Quote Link to comment Share on other sites More sharing options...
Clinton Posted January 2, 2009 Author Share Posted January 2, 2009 I have no idea what any of that means. :-| *Where did I put my GOogle?* Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.