jwhite68 Posted July 6, 2007 Share Posted July 6, 2007 I am trying to ensure the session itself is killed on my logout procedure. This is a segment from the end of my logout.php: if (isset($_COOKIE[session_name()])) { setcookie(session_name(), '', time()-42000, '/');} session_destroy(); header("Location: goodbye.php"); Basically, after the user has logged out, I want the session id to be deleted. The script then refers them to goodbye.php. goodbye.php has a hyperlink back to the login page. The problem is, when I click the hyperlink which takes me back to the login page, I still see the same session id (when i output the session info). My goodbye.php script does not have session_start() in it anywhere. Does anyone know if I am doing something wrong above? Quote Link to comment Share on other sites More sharing options...
MemphiS Posted July 6, 2007 Share Posted July 6, 2007 Did you place session_start(); at the top of the logout page? Quote Link to comment Share on other sites More sharing options...
jwhite68 Posted July 6, 2007 Author Share Posted July 6, 2007 I did have one include just above the session_start() - you think that could be it? Quote Link to comment Share on other sites More sharing options...
MemphiS Posted July 6, 2007 Share Posted July 6, 2007 Below is one of my logout scripts which works fine... <?php session_start(); session_destroy(); header("Location: index.php"); ?> Quote Link to comment Share on other sites More sharing options...
jwhite68 Posted July 6, 2007 Author Share Posted July 6, 2007 Moving my session_start to the top didnt help. In your script, if you try to view the session info, do you see the same session id? I have read that session_destroy only deletes the session variables, but does not delete the session_id itself. Quote Link to comment Share on other sites More sharing options...
MemphiS Posted July 6, 2007 Share Posted July 6, 2007 http://au3.php.net/manual/en/function.session-destroy.php Quote Link to comment Share on other sites More sharing options...
jwhite68 Posted July 6, 2007 Author Share Posted July 6, 2007 Exactly - thats the page I am referring to. My code uses the sample code in here to try and delete the session_id (ie the cookie). But this simply doesnt work. When I am referred back to the login page, and have an echo for the session_id - its still showing the same value as for the previously logged in session. Quote Link to comment Share on other sites More sharing options...
jwhite68 Posted July 6, 2007 Author Share Posted July 6, 2007 I also tried this: unset($_SESSION['PHPSESSID']); if (isset($_COOKIE[session_name()])) { setcookie(session_name(), '', time()-42000, '/');} Doesnt help. I cant understand how the same session can still be shown, when I have passed control via a page that doesnt have session_start(). Quote Link to comment Share on other sites More sharing options...
per1os Posted July 6, 2007 Share Posted July 6, 2007 The header redirect could be toying with you. Try using a javascript redirect instead and see if that works. Quote Link to comment Share on other sites More sharing options...
jwhite68 Posted July 6, 2007 Author Share Posted July 6, 2007 But this header redirect takes it to a page (called goodbye.php) - which just has a hyperlink on it that takes it back to the login page (via a href). I dont see how changing just the header redirect to javascript will work. Quote Link to comment Share on other sites More sharing options...
per1os Posted July 6, 2007 Share Posted July 6, 2007 Doesn't matter if you can't see how. Sometimes headers and sessions do not get along. For instance I bet if you tried setting a session variable than do a header redirect to a page that should display that value it probably would not work. Give that a try and see if I am right, if I am than the problem lies within the header redirect. If I am not, than well we know it is not the header causing the issue. Quote Link to comment Share on other sites More sharing options...
jwhite68 Posted July 6, 2007 Author Share Posted July 6, 2007 I have to admit that I am unsure how to get a javascript redirect working in my logout.php, since it has no HTML or visible elements. Do you have some advice for this? Quote Link to comment Share on other sites More sharing options...
MemphiS Posted July 6, 2007 Share Posted July 6, 2007 <?php session_start(); if (isset($_COOKIE[session_name()])){setcookie(session_name(), '', time()-42000, '/');} session_destroy(); echo("<script type='text/javascript'>parent.location='./goodbye.php'</script>"); ?> Try it takes two seconds.. chances are frost110 is right Quote Link to comment Share on other sites More sharing options...
per1os Posted July 6, 2007 Share Posted July 6, 2007 <?php session_start(); session_destroy(); echo '<script type="text/javacsript">location.href=\'goodbye.php\';</script>'; ?> Quote Link to comment Share on other sites More sharing options...
jwhite68 Posted July 6, 2007 Author Share Posted July 6, 2007 Frost - I tried that, also remiving the semicolon you had in the line. But it just stops at logout.php, and doesnt redirect anywhere. Quote Link to comment Share on other sites More sharing options...
per1os Posted July 6, 2007 Share Posted July 6, 2007 <?php session_start(); session_destroy(); echo '<script type="text/javacsript">window.location=\'http://www.yoursite.com/path/to/goodbye.php\';</script>'; ?> Replace the yoursite and path with the full path to goodbye.php see if that works. Quote Link to comment Share on other sites More sharing options...
jwhite68 Posted July 6, 2007 Author Share Posted July 6, 2007 Memphis - I tried yours and it redirects to goodbye.php. But the same session id is shown when I follow the link to the login page. So the problem does not appear to be with the header redirect. Quote Link to comment Share on other sites More sharing options...
roopurt18 Posted July 6, 2007 Share Posted July 6, 2007 Try this: <?php session_start(); session_unset(); session_destroy(); $_SESSION = Array(); ?> Also, I don't see the point in "good bye" or "you have been logged out" messages with a link back to the home page. Why not just redirect back to the home page, the user will know they've logged out when they're faced with the log in screen again. Quote Link to comment Share on other sites More sharing options...
jwhite68 Posted July 6, 2007 Author Share Posted July 6, 2007 Sorry that didnt work either. Initially, my logout did take the user back to the home page. However, because I saw the same session_id there - I thought that directing to a separate page with no session_start() would solve the problem, but it didnt. So, jumping to a 'good bye' page was really a workaround for the problem. As it happens, it hasnt worked anyway. So if I can get to the bottom of this, I hope to revert back to just returning to login page (home page) via header redirect. Quote Link to comment Share on other sites More sharing options...
jwhite68 Posted July 6, 2007 Author Share Posted July 6, 2007 Here the full logout.php: <?php session_start(); include("dbconnect.php"); // track logout time in statistics if user logged in if($_SESSION['online'] && $_SESSION['LoginStatus']){ @mysql_query("UPDATE stats_ppl_online SET logout_time=now() WHERE session_id='".session_id()."'"); } // kill session $_SESSION['LoginStatus'] = ''; unset($_SESSION['PHPSESSID']); session_unset(); //if (isset($_COOKIE[session_name()])) { // setcookie(session_name(), '', time()-42000, '/');} session_destroy(); $_SESSION = array(); //header("Location: goodbye.php"); echo("<script type='text/javascript'>parent.location='goodbye.php'</script>"); //exit(); ?> Quote Link to comment Share on other sites More sharing options...
roopurt18 Posted July 6, 2007 Share Posted July 6, 2007 What does this output: <?php session_start(); include("dbconnect.php"); // track logout time in statistics if user logged in if($_SESSION['online'] && $_SESSION['LoginStatus']){ @mysql_query("UPDATE stats_ppl_online SET logout_time=now() WHERE session_id='".session_id()."'"); } echo "<pre style=\"text-align: left;\">" . print_r($_SESSION, true) . "</pre>"; session_unset(); session_destroy(); $_SESSION = array(); echo "<pre style=\"text-align: left;\">" . print_r($_SESSION, true) . "</pre>"; ?> Quote Link to comment Share on other sites More sharing options...
per1os Posted July 6, 2007 Share Posted July 6, 2007 <?php session_start(); include("dbconnect.php"); // track logout time in statistics if user logged in if($_SESSION['online'] && $_SESSION['LoginStatus']){ @mysql_query("UPDATE stats_ppl_online SET logout_time=now() WHERE session_id='".session_id()."'"); } // kill session foreach ($_SESSION as $key => $val) { $_SESSION[$key] = null; unset($_SESSION[$key]; } if (isset($_COOKIE[session_name()])) { setcookie(session_name(), '', time()-42000, '/'); } session_destroy(); //header("Location: goodbye.php"); echo("<script type='text/javascript'>parent.location='goodbye.php'</script>"); //exit(); ?> Try that out and see where it gets you. Quote Link to comment Share on other sites More sharing options...
jwhite68 Posted July 6, 2007 Author Share Posted July 6, 2007 It shows: Array ( [online] => 1 [LoginStatus] => 1 [userId] => 5 ) Array ( ) Quote Link to comment Share on other sites More sharing options...
per1os Posted July 6, 2007 Share Posted July 6, 2007 <?php session_start(); include("dbconnect.php"); // track logout time in statistics if user logged in if($_SESSION['online'] && $_SESSION['LoginStatus']){ @mysql_query("UPDATE stats_ppl_online SET logout_time=now() WHERE session_id='".session_id()."'"); } // kill session foreach ($_SESSION as $key => $val) { $_SESSION[$key] = null; unset($_SESSION[$key]; } if (isset($_COOKIE[session_name()])) { setcookie(session_name(), '', time()-42000, '/'); } session_destroy(); //header("Location: goodbye.php"); echo("<script type='text/javascript'>parent.location='goodbye.php'</script>"); //exit(); ?> Try that out and see where it gets you. That would of given a parse error, here is a fix <?php session_start(); include("dbconnect.php"); // track logout time in statistics if user logged in if($_SESSION['online'] && $_SESSION['LoginStatus']){ @mysql_query("UPDATE stats_ppl_online SET logout_time=now() WHERE session_id='".session_id()."'"); } // kill session foreach ($_SESSION as $key => $val) { $_SESSION[$key] = null; unset($_SESSION[$key]); // here would of been the parse error. } if (isset($_COOKIE[session_name()])) { setcookie(session_name(), '', time()-42000, '/'); } session_destroy(); //header("Location: goodbye.php"); echo("<script type='text/javascript'>parent.location='goodbye.php'</script>"); //exit(); ?> But what are you doing on goodbye.php to display that output? Quote Link to comment Share on other sites More sharing options...
jwhite68 Posted July 6, 2007 Author Share Posted July 6, 2007 Sorry Frost, that didnt fix it either. The output I showed was from the code segment roopurt18 asked for. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.