Jump to content

Help with sessions

rv20

By rv20
in PHP Coding Help

 Share

Recommended Posts

rv20 Member

rv20

Posted
Posted

If you set a session on some page,

 

session_start();
$_session['user'] = "someusername";

 

 

Then if you unset that session on a different page

 

unset($_session['user']);

 

does that clear this 'user' session on every page or just the page you unset it on?

 

 

 

 

Link to comment
Share on other sites
PFMaBiSmAd Advanced Member

PFMaBiSmAd

Posted
Posted

There is only one set of $_SESSION variables per browser session. If you unset any session variable, that variable no longer exists in that browser's session.

 

If you are asking because something your are doing is not working, it is much better to post your code and state what it is or is not doing than to ask a general question about if something behaves a certain way (which you can generally find out by simply testing for yourself, quicker than waiting around in a forum for someone to answer.)

 

For your code you posted, $_session is not the same as $_SESSION. $_session is just a variable local to the current script. $_SESSION (assuming your have a session_start() statement) is a session variable.

Link to comment
Share on other sites
johntp Member

johntp

Posted
Posted

You may want to do somehting like this if you're trying to log somone out.

 

<?php 
// logout.php 
session_start(); 
unset($_SESSION); 
// you may want to delete the session cookie 
if (isset($_COOKIE[session_name()])) { 
  setcookie(session_name(), '', time()-60); 
} 
session_destroy(); 
echo 'You have been logged out.'; 
?>

Link to comment
Share on other sites
rv20 Member

rv20

Posted
  • Author
Posted

Thanks that has cleared all that up.

 

So if i have a login script and set a session var if all is validated,

 

session_start();
$_SESSION['user'] = $_POST['user'];

 

So that EVERY page that a user then goes to i can add this at the top of the page,

 

session_start();
if(!isset($_SESSION['user'])){

//whatever i have to do, redirect etc...
	 }

 

This allows me to see if the user is logged in, i can have a logout link linking to logout.php with logout.php simply,

 

session_start();
unset($_SESSION['user']);
header("location: home.php");

 

 

This seems all a bit simple i suppose if someone got hold of your session cookie or maybe there are other exploits (xss) or css injection, to get around this the could compromise your site, what other methods would you use to secure this method of checking for logged into via sessions?

Link to comment
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.