My Sessions don't get Destroyed - Need help

[chobo2]

Hi

 

I think my sessions are not getting destroyed and I don't know why .

 

This is what I have:

 

So assume everything is correct the user types in the right password and everything(so I won't show you the main_login.php i have since it just a form that goes to authenticate.php)

 

 

authenticate.php(this is where it all happens. There is some code above it but I don't think you need to see it since all it is grabbing stuff and checking the db)

 

if (mysql_num_rows($results)) {
    /* function returns true if any matches are found */
    session_start();
    
    /* checks before the session is made*/
    echo '<pre>before-AUTHENTICATE PAGE: ';
    print_r($_SESSION);
    echo '</pre>';
    
    
    
    $_SESSION["auth"] = true;
    $_SESSION["user"] = $user;
    
    
    
    /* checks after the session is made */
    echo '<p><pre>after: ';
    print_r($_SESSION);
    echo '</pre>';
    
    
    
    echo "Login Successful";
    echo "<br />";
    echo "You will be redirected in <font color=\"#0000FF\"><span id='container'></span></font> seconds....";
    print $_SESSION["user"];
    print $_SESSION["auth"];
    header('refresh: 5; url=../ACmPage/home.php');
    
} else {
    echo "UserName/Password is incorrect please try again.";
    echo "<br />";
    echo "You will be redirected in <font color=\"#0000FF\"><span id='container'></span></font> seconds.... ";
    header('refresh: 5; url=../ACmPage/home.php');
    $_SESSION["auth"] = false;
}
?

 

 

Output:

before-AUTHENTICATE PAGE: Array
(
)

after: Array
(
    [auth] => 1
    [user] => chobo2
)

Login Successful
)

 

plus a little countdown till it goes to next page(not shown). Now assume it went to the next page(because it does).

 

Now we are at a file called home.php Their is nothing too special in this page but it has an include file that makes it special called menu.php(since it has this code in it)

 

menu.php file that gets included into home.php(and lot of other pages because login is on everypage)

 

  <?php 
      
      session_start();
 /* print session_register("auth"); */
      if($_SESSION["auth"] == true)
  {
  	include("../Logout/logout.php");  	
  }
 else
	 {
       include("../Login/main_login.php");
	 }
  ?>

 

This code is stored in a divbut that should make no difference. So as you can see if it is true(so the session has been turned on and the user has been logged in) then always go to logout.php(what contains a button in a form).

 

logout.php

<table width="300" border="0" align="center" cellpadding="0" cellspacing="1" bgcolor="#CCCCCC">
  <tr>
    <form name="form1" method="post" action="../Logout/endSession.php">
      <td><input type="submit" name="Submit" value="Logout"></td>
    </form>
  </tr>
</table>

 

As you can see on click it will go to the endSession.php.

 

endSession.php

<?php

ob_start();

session_start();
echo '<pre>before:-END SESSION ';
print_r($_SESSION);
echo '</pre>';

session_destroy();

echo '<p><pre>after: ';
print_r($_SESSION);
echo '</pre>';

/* $URL = "../ACmPage/home.php";
header("Location: $URL");*/
?>

 

So if I clicked the logout button on the logout.php form it would go to this page and here is the output:

 

before:-END SESSION Array
(
    [auth] => 1
    [user] => chobo2
)

after: Array
(
    [auth] => 1
    [user] => chobo2
)

 

As you can see before and after it is all their still.

[MadTechie]

i had the same problem

 

my work around was

<?php
		unset($_SESSION['user']);
		unset($_SESSION['auth']);
		session_unset();
		session_destroy();
		$_SESSION = array(); //<-- Humm not sure why thats their!!

?>