Jump to content

Recommended Posts

I am following along in a PHP, MySQL book and the way they clear session variables is by:

 

session_start();
session_unset();
session_destroy();

 

They clear session variables like that in that exact order.

 

My question is that this apparently clears ALL session variables for the browser in use. Every website I have visited when you click a LOGOUT button ONLY logs you out of their specific site and DOES NOT seem to clear ALL session variables as this would log you out of any other websites that you might be logged into with that same browser.

 

So, I went to the PHP website and found out that instead of using the session_unset () function you can clear individual session variables using the unset ($_SESSION['varname']) function.

 

Is this a good way of clearing session variables ONLY for a PARTICULAR website and NOT clearing session variables for the WHOLE browser? If so, would I then NOT use the session_destroy () function after clearing each individual session variable specific to that ONE website using unset ($_SESSION['varname'])?

 

Thank you in advance!  ;)

Ahhh… Ok thank you for that. I’m thinking that the problem is: although I was visiting two separate websites, they were BOTH under LOCALHOST as I was developing locally so when when I cleared session variables for ONE test site it cleared session variables for EVERYTHING under http://localhost?

 

I guess then I have another simple question that relates:

 

There are two different LIVE (NOT localhost) sites under DIFFERENT domain names, they both have a session variable named $_SESSION['logged’], and this variable $_SESSION['logged’] when set to 1(ON) will determine whether or not a user is logged in and display appropriate HTML content. Will there be confusion by the browser between the two different LIVE websites and will there be a chance of content that shouldn’t be accessed (user not logged in) being displayed simply because the other site with the SAME session variable name is set to on?

 

$_SESSION['logged’] == 1

being ON

 

I guess all this confusion came about because my test sites were ALL under http://localhost?

 

Thank you again  :shy:

Will there be confusion by the browser between the two different LIVE websites and will there be a chance of content that shouldn’t be accessed (user not logged in) being displayed simply because the other site with the SAME session variable name is set to on?

 

No. The session id is propagated by the browser, by default, using a session id cookie and cookies of all kinds are specific to the domain that created the cookie.

 

For testing, if you really want to, you can create any number of 'fake' domains on your development system. You would make entries in your HOSTS file for each domain, for example - 127.0.0.1 www.example.com and then setup a virtual host in your web server's configuration that corresponds to that fake domain. You would then access that using http://www.example.com instead of http://localhost

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.