Jump to content

Recommended Posts

hi guys i need help with my session. im currently applying session in my page security im a newbie.my problem is when i logout and try to access my index page to test if my script work and will redirect me to the login page.but what happen is i can see my index page and my session still has its value.

 

my code for index.php

<?php

include('include/function.php');
session_start();

if($_SESSION['userName'] == '') {

header('location: login.php');

}

echo $_SESSION['userName'];

?>
<html>
<head>
<title>Home</title>
</head>
<body bgcolor="cyan">
<center></br></br>
Home View <a href="login.php">Logout</a>

</form>
</center>
</body>
</html>

 

logout.php

 

<?php
session_start();



unset($_SESSION['userName']);
$_SESSION = array();

session_destroy():

header('location: index.php');


?>

 

any input will be much appreciated

Link to comment
https://forums.phpfreaks.com/topic/165069-need-help-with-session/
Share on other sites

All you need on logout is

<?php
session_start();
unset($_SESSION['userName']);
header('location: index.php');
exit();
?>

 

And your index

<?php
session_start();
if(!strlen($_SESSION['userName']))) {
header('location: login.php');
exit();
}
?>

why remove session_destroy

Why use it? It doesn't remove any of the associated session data or clear a user cookie if used. Never needed this function!

 

php.net: But if you are intent upon using session_destroy(), know that it only empties out the variables when the page is reloaded or redirected to some other page. As long as it's the same page, the variables are still usable after invoking session_destroy().

 

If your session still has a value after unset() you are resetting it somewhere.

I'd do it like this

 

<?php

include('include/function.php');

session_start();
if(isset($_SESSION['userName']))
{
   echo $_SESSION['userName'];
}
else
{
   echo "<META HTTP-EQUIV = 'Refresh' Content = '0; URL =login.php'>";
}
?>
<html>
<head>
<title>Home</title>
</head>
<body bgcolor="cyan">
<center></br></br>
Home View <a href="login.php">Logout</a>

</form>
</center>
</body>
</html>

 

And for the logout:

 

<?php
session_start();
unset($_SESSION['userName']);
echo "<META HTTP-EQUIV = 'Refresh' Content = '0; URL =login.php'>";

?>

 

I changed the redirect to login, because the index should redirect them to login now anyways.

I'm not sure if this is a good idea:

 

echo "<META HTTP-EQUIV = 'Refresh' Content = '0; URL =login.php'>";

 

You can view the source of the page before it redirects using file_get_contents, so someone that wasn't logged in could technically still use the members area.

 

Use this:

 

header("Location:login.php");

echo "<META HTTP-EQUIV = 'Refresh' Content = '0; URL =login.php'>";

bad code. why would you echo prior to any html output? use headers to redirect to indicate a valid HTTP status. never echo prior to headers being sent.

 

chokies12 if your session data remains after unset then you must be resetting its value somewhere. try this sample script on a test page

 

<?php
session_start();
$_SESSION['name'] = "Joe";
print "session set - value: ".$_SESSION['name']."<br />";
unset($_SESSION['name']);
print "session unset - value: ".$_SESSION['name']; 
?>

The second printed line should contain no value for $_SESSION['name']

what i did was just put a session_destroy(); in top of my login page. i think my logout page has problems doesnt unset the value even if i put unser() ..

i did is when you press logout redirect the script to login page and will trigger the destroy part so it will not unset any value from my session variable.

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.