rv20 Posted June 2, 2009 Share Posted June 2, 2009 If you set a session on some page, session_start(); $_session['user'] = "someusername"; Then if you unset that session on a different page unset($_session['user']); does that clear this 'user' session on every page or just the page you unset it on? Quote Link to comment https://forums.phpfreaks.com/topic/160640-help-with-sessions/ Share on other sites More sharing options...
PFMaBiSmAd Posted June 2, 2009 Share Posted June 2, 2009 There is only one set of $_SESSION variables per browser session. If you unset any session variable, that variable no longer exists in that browser's session. If you are asking because something your are doing is not working, it is much better to post your code and state what it is or is not doing than to ask a general question about if something behaves a certain way (which you can generally find out by simply testing for yourself, quicker than waiting around in a forum for someone to answer.) For your code you posted, $_session is not the same as $_SESSION. $_session is just a variable local to the current script. $_SESSION (assuming your have a session_start() statement) is a session variable. Quote Link to comment https://forums.phpfreaks.com/topic/160640-help-with-sessions/#findComment-847760 Share on other sites More sharing options...
johntp Posted June 2, 2009 Share Posted June 2, 2009 You may want to do somehting like this if you're trying to log somone out. <?php // logout.php session_start(); unset($_SESSION); // you may want to delete the session cookie if (isset($_COOKIE[session_name()])) { setcookie(session_name(), '', time()-60); } session_destroy(); echo 'You have been logged out.'; ?> Quote Link to comment https://forums.phpfreaks.com/topic/160640-help-with-sessions/#findComment-847769 Share on other sites More sharing options...
rv20 Posted June 2, 2009 Author Share Posted June 2, 2009 Thanks that has cleared all that up. So if i have a login script and set a session var if all is validated, session_start(); $_SESSION['user'] = $_POST['user']; So that EVERY page that a user then goes to i can add this at the top of the page, session_start(); if(!isset($_SESSION['user'])){ //whatever i have to do, redirect etc... } This allows me to see if the user is logged in, i can have a logout link linking to logout.php with logout.php simply, session_start(); unset($_SESSION['user']); header("location: home.php"); This seems all a bit simple i suppose if someone got hold of your session cookie or maybe there are other exploits (xss) or css injection, to get around this the could compromise your site, what other methods would you use to secure this method of checking for logged into via sessions? Quote Link to comment https://forums.phpfreaks.com/topic/160640-help-with-sessions/#findComment-847779 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.