Closing session for good on logout

jwhite68 · July 6, 2007

I am trying to ensure the session itself is killed on my logout procedure.

This is a segment from the end of my logout.php:

if (isset($_COOKIE[session_name()])) {
    setcookie(session_name(), '', time()-42000, '/');}

session_destroy();
header("Location: goodbye.php");

Basically, after the user has logged out, I want the session id to be deleted. The script then refers them to goodbye.php. goodbye.php has a hyperlink back to the login page.

The problem is, when I click the hyperlink which takes me back to the login page, I still see the same session id (when i output the session info). My goodbye.php script does not have session_start() in it anywhere.

Does anyone know if I am doing something wrong above?

MemphiS · July 6, 2007

Did you place session_start(); at the top of the logout page?

jwhite68 · July 6, 2007

I did have one include just above the session_start() - you think that could be it?

MemphiS · July 6, 2007

Below is one of my logout scripts which works fine...

<?php
session_start();
session_destroy();
header("Location: index.php");
?>

jwhite68 · July 6, 2007

Moving my session_start to the top didnt help.

In your script, if you try to view the session info, do you see the same session id?

I have read that session_destroy only deletes the session variables, but does not delete the session_id itself.

MemphiS · July 6, 2007

http://au3.php.net/manual/en/function.session-destroy.php

jwhite68 · July 6, 2007

Exactly - thats the page I am referring to. My code uses the sample code in here to try and delete the session_id (ie the cookie). But this simply doesnt work.

When I am referred back to the login page, and have an echo for the session_id - its still showing the same value as for the previously logged in session.

jwhite68 · July 6, 2007

I also tried this:

unset($_SESSION['PHPSESSID']); 
if (isset($_COOKIE[session_name()])) {
    setcookie(session_name(), '', time()-42000, '/');}

Doesnt help.

I cant understand how the same session can still be shown, when I have passed control via a page that doesnt have session_start().

per1os · July 6, 2007

The header redirect could be toying with you. Try using a javascript redirect instead and see if that works.

jwhite68 · July 6, 2007

But this header redirect takes it to a page (called goodbye.php) - which just has a hyperlink on it that takes it back to the login page (via a href). I dont see how changing just the header redirect to javascript will work.

per1os · July 6, 2007

Doesn't matter if you can't see how.

Sometimes headers and sessions do not get along. For instance I bet if you tried setting a session variable than do a header redirect to a page that should display that value it probably would not work.

Give that a try and see if I am right, if I am than the problem lies within the header redirect. If I am not, than well we know it is not the header causing the issue.

jwhite68 · July 6, 2007

I have to admit that I am unsure how to get a javascript redirect working in my logout.php, since it has no HTML or visible elements. Do you have some advice for this?

MemphiS · July 6, 2007

<?php
session_start();
if (isset($_COOKIE[session_name()])){setcookie(session_name(), '', time()-42000, '/');}
session_destroy();
echo("<script type='text/javascript'>parent.location='./goodbye.php'</script>");
?>

Try it takes two seconds.. chances are frost110 is right

per1os · July 6, 2007

<?php
session_start();
session_destroy();
echo '<script type="text/javacsript">location.href=\'goodbye.php\';</script>';
?>

jwhite68 · July 6, 2007

Frost - I tried that, also remiving the semicolon you had in the line. But it just stops at logout.php, and doesnt redirect anywhere.

per1os · July 6, 2007

<?php
session_start();
session_destroy();
echo '<script type="text/javacsript">window.location=\'http://www.yoursite.com/path/to/goodbye.php\';</script>';
?>

Replace the yoursite and path with the full path to goodbye.php see if that works.

jwhite68 · July 6, 2007

Memphis - I tried yours and it redirects to goodbye.php. But the same session id is shown when I follow the link to the login page.

So the problem does not appear to be with the header redirect.

roopurt18 · July 6, 2007

Try this:

<?php
  session_start();
  session_unset();
  session_destroy();
  $_SESSION = Array();
?>

Also, I don't see the point in "good bye" or "you have been logged out" messages with a link back to the home page. Why not just redirect back to the home page, the user will know they've logged out when they're faced with the log in screen again.

jwhite68 · July 6, 2007

Sorry that didnt work either.

Initially, my logout did take the user back to the home page. However, because I saw the same session_id there - I thought that directing to a separate page with no session_start() would solve the problem, but it didnt. So, jumping to a 'good bye' page was really a workaround for the problem. As it happens, it hasnt worked anyway.

So if I can get to the bottom of this, I hope to revert back to just returning to login page (home page) via header redirect.

jwhite68 · July 6, 2007

Here the full logout.php:

<?php
   session_start();
   include("dbconnect.php");	

// track logout time in statistics if user logged in
if($_SESSION['online'] && $_SESSION['LoginStatus']){	

@mysql_query("UPDATE stats_ppl_online 
         SET logout_time=now() 
         WHERE session_id='".session_id()."'");
}

// kill session
$_SESSION['LoginStatus'] = '';

unset($_SESSION['PHPSESSID']); 
session_unset();
//if (isset($_COOKIE[session_name()])) {
//    setcookie(session_name(), '', time()-42000, '/');}
session_destroy();
$_SESSION = array();
//header("Location: goodbye.php");
echo("<script type='text/javascript'>parent.location='goodbye.php'</script>");

//exit();
?>

roopurt18 · July 6, 2007

What does this output:

<?php
   session_start();
   include("dbconnect.php");	

   // track logout time in statistics if user logged in
   if($_SESSION['online'] && $_SESSION['LoginStatus']){	
@mysql_query("UPDATE stats_ppl_online 
         SET logout_time=now() 
         WHERE session_id='".session_id()."'");
    }

echo "<pre style=\"text-align: left;\">" . print_r($_SESSION, true)
     . "</pre>";			 
session_unset();
session_destroy();
$_SESSION = array();
echo "<pre style=\"text-align: left;\">" . print_r($_SESSION, true)
     . "</pre>";			 
?>

per1os · July 6, 2007

<?php
   session_start();
   include("dbconnect.php");	

// track logout time in statistics if user logged in
if($_SESSION['online'] && $_SESSION['LoginStatus']){	

@mysql_query("UPDATE stats_ppl_online 
         SET logout_time=now() 
         WHERE session_id='".session_id()."'");
}

// kill session
foreach ($_SESSION as $key => $val) {
     $_SESSION[$key] = null;
     unset($_SESSION[$key];
}

if (isset($_COOKIE[session_name()])) {
    setcookie(session_name(), '', time()-42000, '/');
}

session_destroy();

//header("Location: goodbye.php");
echo("<script type='text/javascript'>parent.location='goodbye.php'</script>");

//exit();
?>

Try that out and see where it gets you.

jwhite68 · July 6, 2007

It shows:

Array
(
   [online] => 1
   [LoginStatus] => 1
   [userId] => 5
)

Array
(
)

per1os · July 6, 2007

<?php
   session_start();
   include("dbconnect.php");	

// track logout time in statistics if user logged in
if($_SESSION['online'] && $_SESSION['LoginStatus']){	

@mysql_query("UPDATE stats_ppl_online 
         SET logout_time=now() 
         WHERE session_id='".session_id()."'");
}

// kill session
foreach ($_SESSION as $key => $val) {
     $_SESSION[$key] = null;
     unset($_SESSION[$key];
}

if (isset($_COOKIE[session_name()])) {
    setcookie(session_name(), '', time()-42000, '/');
}

session_destroy();

//header("Location: goodbye.php");
echo("<script type='text/javascript'>parent.location='goodbye.php'</script>");

//exit();
?>

Try that out and see where it gets you.

That would of given a parse error, here is a fix

<?php
   session_start();
   include("dbconnect.php");	

// track logout time in statistics if user logged in
if($_SESSION['online'] && $_SESSION['LoginStatus']){	

@mysql_query("UPDATE stats_ppl_online 
         SET logout_time=now() 
         WHERE session_id='".session_id()."'");
}

// kill session
foreach ($_SESSION as $key => $val) {
     $_SESSION[$key] = null;
     unset($_SESSION[$key]); // here would of been the parse error.
}

if (isset($_COOKIE[session_name()])) {
    setcookie(session_name(), '', time()-42000, '/');
}

session_destroy();

//header("Location: goodbye.php");
echo("<script type='text/javascript'>parent.location='goodbye.php'</script>");

//exit();
?>

But what are you doing on goodbye.php to display that output?

jwhite68 · July 6, 2007

Sorry Frost, that didnt fix it either.

The output I showed was from the code segment roopurt18 asked for.

Sign In

Closing session for good on logout

Recommended Posts

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Join the conversation

Important Information