Jump to content

Best way to log someone out? php sessions


MattL019

Recommended Posts

Hey. So, here is what I'm trying to do:

I am using PHP sessions. I have a 'LOG OUT' button, which when pressed redirects the user to 'logout.php'. Here is logout.php:

<?php
session_start();

foreach($_SESSION as $item) {
  unset($item);
}

session_destroy();
header("Location: index.php");
?>

My understanding is, that, this will clear $_SESSION and then destroy the session. Then, it will redirect to 'index.php'.

 

Now, I have a sidebar on my website that is only shown if the user is logged in. So, in index.php I have this script:

<?php if(isset($_SESSION['username'])) include 'sidebar.php'?>

Now, here is my problem:

On my local dev environment, this works as it should. Clicking logout works first time and redirects to index.php, where the sidebar is no longer shown. However, on my public web server, when clicking 'logout', it doesn't work first try, or second, or third. It varies, though I'd say it works on about the 50th click. Now, this makes me think perhaps it's a time-period thing (I honestly have no clue). And the fact that it works on my local machine and not on my web host makes me think it's something to do with a setting perhaps on the server? I don't have much knowledge of this so hopefully you guys can help me out. Thank you

 

Update: When clicking on logout ONCE, then going to another page (myprofile.php) it then asks you to log in again. So, the logout is working.. just not updating on my index.php. Though, I'm unsure why it is not updating on my index.php, as I have made if statements to check if the user is logged in or not, to prevent certain items being loaded. Here is my index.php:

<!DOCTYPE html>
<html>
  <head>
    <?php
      include "inc/database.php";

      session_start();
      if(isset($_SESSION['username'])) {
        include 'php/load_player_data.php';
      }
    ?>
    <meta charset="utf-8">
    <meta name="viewport" content="width=device-width, initial-scale=1">
    <title><?php echo $title ?></title>
    <link rel="stylesheet" href="css/normalize.css" type='text/css'>
    <link rel="stylesheet" href="css/style.css" type='text/css'>
    <link rel="stylesheet" href="css/responsive.css" type='text/css'>
    <link href="https://fonts.googleapis.com/css?family=Fjalla+One|Nunito" rel="stylesheet">
    <script
      src="https://code.jquery.com/jquery-3.2.1.min.js"
      integrity="sha256-hwg4gsxgFZhOsEEamdOYGBf13FyQuiTwlAQgxVSNgt4="
      crossorigin="anonymous"></script>
  </head>
  <body>
    <nav class='nav-bar'>
      <p class='nav-title'><a href='index.php'>The Last Laugh</a></p>
      <?php
        if(!isset($_SESSION['username'])) {
          echo '<ul class="nav-menu">
                  <li><a href="login.php">LOG IN</a></li>
                  <li><a href="signup.php">SIGN UP</a></li>
                </ul>';
        } else {
          echo '<ul class="nav-menu">
                  <li><a href="logout.php">LOG OUT</a></li>
                </ul>';
        }
      ?>
    </nav>

    <?php if(isset($_SESSION['username'])) include 'sidebar.php'?>

    <div class="content">
Link to comment
Share on other sites

Obviously that should not be.

 

What browser and version are you using? What OS and version is the problem server? What Php version on problem server? Just trying to get an idea of what you are working with.

 

Have you tried a different browser? Are you going from www to non www or vice versa?

Link to comment
Share on other sites

Perhaps. I mean, sessions work, it just takes a while after clearing one until it updates index.php.

I asked a support member, and he told me it was definitely a coding issue (even though it works instantly and as it should on my local server).

Link to comment
Share on other sites

 

foreach($_SESSION as $item) {
  unset($item);
}
My understanding is, that, this will clear $_SESSION

 

That foreach loop effectivly does nothing. It goes though each value in $_SESSION, assigns a copy of it to $item then you delete that copy, but the original is still intact. If you want to clear the $_SESSION array of everything then just re-assign it:

$_SESSION = [];
Link to comment
Share on other sites

That foreach loop effectivly does nothing. It goes though each value in $_SESSION, assigns a copy of it to $item then you delete that copy, but the original is still intact. If you want to clear the $_SESSION array of everything then just re-assign it:

$_SESSION = [];

Ah okay, that makes a lot of sense, thank you. I guess my code still worked though because I was destroying the session.

Link to comment
Share on other sites

Obviously that should not be.

 

What browser and version are you using? What OS and version is the problem server? What Php version on problem server? Just trying to get an idea of what you are working with.

 

Have you tried a different browser? Are you going from www to non www or vice versa?

 

I am using Google Chrome. The server is Apache, I believe the OS is Unix. PHP version is 5.6.30

It doesn't work on Firefox, either (I just tried). 

 

I'm not sure the difference between www and non-www, though I have always had it to be non-www. Every page is non-www

Link to comment
Share on other sites

For fun sake. I didn't realize you were dude from other thread. I have reviewed the files on your server and they are still all kinds of wrong. You did not make all the changes I told you in the other thread. Update your code per my PM and go from there.

 

@FellowExperts, the code has many issues that need to be handled first so don't spin your wheels on this issue. The session issue posted here is a result of all the other problems.

Link to comment
Share on other sites

For fun sake. I didn't realize you were dude from other thread. I have reviewed the files on your server and they are still all kinds of wrong. You did not make all the changes I told you in the other thread. Update your code per my PM and go from there.

 

@FellowExperts, the code has many issues that need to be handled first so don't spin your wheels on this issue. The session issue posted here is a result of all the other problems.

 

I am obviously new to PHP and still learning. I am asking on this forum not only to fix my issues at hand but to learn. I appreciate you taking time out of your day in attempts to help me, but simply stating my code is all kinds of wrong gets me no where. And the changes you told me to make, I made, except from 2 of the things, which is using PDO and using the REQUEST_METHOD. The reason behind not using these is because my current code works and is enough to get a quick proto-type up and running, which is what I am aiming for. It would help if you told me WHY my code is 'all kinds of wrong', and explain why your method is better. Is it for security reasons? Performance? Best practice? I am fully aware that just because a method works doesn't mean it is the correct one to use. I just need a reason why. After all, this is the help section of the forum.

Link to comment
Share on other sites

I did tell you in the other thread. And no, you didn't do everything I told you. No, your current code does not work or you would not have started this thread.

 

I have also provided you solid code examples from my repository on how to do it correctly. What more do you want?

 

I know you are just learning. There is no problem with that. There is a bit of a problem if you do not follow the advice you are given, all of it, not just parts. Your code pretty much requires a complete re-write. It is better to show you the right way then go through every single thing wrong with it. Think about when a car is totaled in a wreck. You just say it is totaled and you need a new one. You don't spend time going over everything that is wrong with the car.

Link to comment
Share on other sites

I know you are just learning. There is no problem with that. There is a bit of a problem if you do not follow the advice you are given, all of it, not just parts. Your code pretty much requires a complete re-write. It is better to show you the right way then go through every single thing wrong with it. Think about when a car is totaled in a wreck. You just say it is totaled and you need a new one. You don't spend time going over everything that is wrong with the car.

 

Alright, I can sort of agree with that. I need to start somewhere, though, right? And my first try will never be the best way to do it. It is very discouraging when you say my code is all kinds of messed up, especially when left with no explanation as to why. I am going to look into PDO, and prepared statements, and try to sift my way through the files you gave me. Keep in mind, I've never learnt about the OOP side of PHP, so that is something I should do first. Then I will come back hopefully with code you deem acceptable. :)

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.