Best way to log someone out? php sessions

[MattL019]

Hey. So, here is what I'm trying to do:

I am using PHP sessions. I have a 'LOG OUT' button, which when pressed redirects the user to 'logout.php'. Here is logout.php:

<?php
session_start();

foreach($_SESSION as $item) {
  unset($item);
}

session_destroy();
header("Location: index.php");
?>

My understanding is, that, this will clear $_SESSION and then destroy the session. Then, it will redirect to 'index.php'.

 

Now, I have a sidebar on my website that is only shown if the user is logged in. So, in index.php I have this script:

<?php if(isset($_SESSION['username'])) include 'sidebar.php'?>

Now, here is my problem:

On my local dev environment, this works as it should. Clicking logout works first time and redirects to index.php, where the sidebar is no longer shown. However, on my public web server, when clicking 'logout', it doesn't work first try, or second, or third. It varies, though I'd say it works on about the 50th click. Now, this makes me think perhaps it's a time-period thing (I honestly have no clue). And the fact that it works on my local machine and not on my web host makes me think it's something to do with a setting perhaps on the server? I don't have much knowledge of this so hopefully you guys can help me out. Thank you

 

Update: When clicking on logout ONCE, then going to another page (myprofile.php) it then asks you to log in again. So, the logout is working.. just not updating on my index.php. Though, I'm unsure why it is not updating on my index.php, as I have made if statements to check if the user is logged in or not, to prevent certain items being loaded. Here is my index.php:

<!DOCTYPE html>
<html>
  <head>
    <?php
      include "inc/database.php";

      session_start();
      if(isset($_SESSION['username'])) {
        include 'php/load_player_data.php';
      }
    ?>
    <meta charset="utf-8">
    <meta name="viewport" content="width=device-width, initial-scale=1">
    <title><?php echo $title ?></title>
    <link rel="stylesheet" href="css/normalize.css" type='text/css'>
    <link rel="stylesheet" href="css/style.css" type='text/css'>
    <link rel="stylesheet" href="css/responsive.css" type='text/css'>
    <link href="https://fonts.googleapis.com/css?family=Fjalla+One|Nunito" rel="stylesheet">
    <script
      src="https://code.jquery.com/jquery-3.2.1.min.js"
      integrity="sha256-hwg4gsxgFZhOsEEamdOYGBf13FyQuiTwlAQgxVSNgt4="
      crossorigin="anonymous"></script>
  </head>
  <body>
    <nav class='nav-bar'>
      <p class='nav-title'><a href='index.php'>The Last Laugh</a></p>
      <?php
        if(!isset($_SESSION['username'])) {
          echo '<ul class="nav-menu">
                  <li><a href="login.php">LOG IN</a></li>
                  <li><a href="signup.php">SIGN UP</a></li>
                </ul>';
        } else {
          echo '<ul class="nav-menu">
                  <li><a href="logout.php">LOG OUT</a></li>
                </ul>';
        }
      ?>
    </nav>

    <?php if(isset($_SESSION['username'])) include 'sidebar.php'?>

    <div class="content">

Edited October 28, 2017 by MattL019

[benanamen]

See how this works for you

logout.php

<?php
session_start();
session_unset(); 
session_destroy();
die(header("Location: ./index.php"));

Edited October 28, 2017 by benanamen

[MattL019]

Alright, so I tested that script on the local version and it does work.

I then tested it on the web server, however it still only works after a minute or so. It's as if index.php takes a while to update? No clue..

[benanamen]

Replace the index.php code with this and see if there is any result when you log out.

<?php
session_start();
print_r($_SESSION);

 

[MattL019]

I have replaced it with that. So, when logging out it still shows 

Array ( [username] => mattl019 => xxxxx )

 

however, after enough time and refreshing the page a lot, it eventually changes to

Array ( )

[benanamen]

Obviously that should not be.

 

What browser and version are you using? What OS and version is the problem server? What Php version on problem server? Just trying to get an idea of what you are working with.

 

Have you tried a different browser? Are you going from www to non www or vice versa?

Edited October 28, 2017 by benanamen

[Stefany93]

Could it be a hosting problem? My previous hosting didn't have sessions enabled until I had to ask them.

[MattL019]

Perhaps. I mean, sessions work, it just takes a while after clearing one until it updates index.php.

I asked a support member, and he told me it was definitely a coding issue (even though it works instantly and as it should on my local server).

[kicken]

 

foreach($_SESSION as $item) {
  unset($item);
}

My understanding is, that, this will clear $_SESSION

 

That foreach loop effectivly does nothing. It goes though each value in $_SESSION, assigns a copy of it to $item then you delete that copy, but the original is still intact. If you want to clear the $_SESSION array of everything then just re-assign it:

$_SESSION = [];

[MattL019]

That foreach loop effectivly does nothing. It goes though each value in $_SESSION, assigns a copy of it to $item then you delete that copy, but the original is still intact. If you want to clear the $_SESSION array of everything then just re-assign it:

$_SESSION = [];

Ah okay, that makes a lot of sense, thank you. I guess my code still worked though because I was destroying the session.

[MattL019]

Obviously that should not be.

 

What browser and version are you using? What OS and version is the problem server? What Php version on problem server? Just trying to get an idea of what you are working with.

 

Have you tried a different browser? Are you going from www to non www or vice versa?

 

I am using Google Chrome. The server is Apache, I believe the OS is Unix. PHP version is 5.6.30

It doesn't work on Firefox, either (I just tried). 

 

I'm not sure the difference between www and non-www, though I have always had it to be non-www. Every page is non-www

[benanamen]

If you want, you can PM me a temporary ftp login and a temp user and pass for the script and I will look at it.

[benanamen]

For fun sake. I didn't realize you were dude from other thread. I have reviewed the files on your server and they are still all kinds of wrong. You did not make all the changes I told you in the other thread. Update your code per my PM and go from there.

 

@FellowExperts, the code has many issues that need to be handled first so don't spin your wheels on this issue. The session issue posted here is a result of all the other problems.

[MattL019]

For fun sake. I didn't realize you were dude from other thread. I have reviewed the files on your server and they are still all kinds of wrong. You did not make all the changes I told you in the other thread. Update your code per my PM and go from there.

 

@FellowExperts, the code has many issues that need to be handled first so don't spin your wheels on this issue. The session issue posted here is a result of all the other problems.

 

I am obviously new to PHP and still learning. I am asking on this forum not only to fix my issues at hand but to learn. I appreciate you taking time out of your day in attempts to help me, but simply stating my code is all kinds of wrong gets me no where. And the changes you told me to make, I made, except from 2 of the things, which is using PDO and using the REQUEST_METHOD. The reason behind not using these is because my current code works and is enough to get a quick proto-type up and running, which is what I am aiming for. It would help if you told me WHY my code is 'all kinds of wrong', and explain why your method is better. Is it for security reasons? Performance? Best practice? I am fully aware that just because a method works doesn't mean it is the correct one to use. I just need a reason why. After all, this is the help section of the forum.

[benanamen]

I did tell you in the other thread. And no, you didn't do everything I told you. No, your current code does not work or you would not have started this thread.

 

I have also provided you solid code examples from my repository on how to do it correctly. What more do you want?

 

I know you are just learning. There is no problem with that. There is a bit of a problem if you do not follow the advice you are given, all of it, not just parts. Your code pretty much requires a complete re-write. It is better to show you the right way then go through every single thing wrong with it. Think about when a car is totaled in a wreck. You just say it is totaled and you need a new one. You don't spend time going over everything that is wrong with the car.

Edited October 28, 2017 by benanamen

[MattL019]

I know you are just learning. There is no problem with that. There is a bit of a problem if you do not follow the advice you are given, all of it, not just parts. Your code pretty much requires a complete re-write. It is better to show you the right way then go through every single thing wrong with it. Think about when a car is totaled in a wreck. You just say it is totaled and you need a new one. You don't spend time going over everything that is wrong with the car.

 

Alright, I can sort of agree with that. I need to start somewhere, though, right? And my first try will never be the best way to do it. It is very discouraging when you say my code is all kinds of messed up, especially when left with no explanation as to why. I am going to look into PDO, and prepared statements, and try to sift my way through the files you gave me. Keep in mind, I've never learnt about the OOP side of PHP, so that is something I should do first. Then I will come back hopefully with code you deem acceptable.

[benanamen]

It was not a personal attack so there's no reason to feel bad. If you're going to be a programmer you need to be able to handle people telling you about your code if it's not right. Study the code I gave you and this tutorial and you will be well on your way. https://phpdelusions.net/pdo