session_destroy not working.

[ballhogjoni]

this is my code to my logout page

<?php
session_unset();
session_destroy();
?>
<html>
<head>
<title>Logged Out</title>
</head>
<body>
<p align="center">You have been successfuly logged out.</p>
<p align="center"><a href="login.php">Log back in</a></p>
</body>
</html>

 

Why is the session not being destroyed. I mean I can hit the back button and refresh the page and I am logged in again.

[cooldude832]

need session_start(); to do anything first with sessions. 

[yarnold]

Make sure you use session_start() before using session functions.. also:

 

In the PHP help pages of session_unset(), someone solved an identical error by using

 

<?php
session_unset();
session_destroy();
$_SESSION = array();
?>

[ballhogjoni]

i am saorry my code does have the session_start() at the top and it doesn't work.

[cooldude832]

show us the whole script because what you showed us does not.

[ballhogjoni]

<?php
session_start();
session_unset();
session_destroy();
?>
<html>
<head>
<title>Logged Out</title>
</head>
<body>
<p align="center">You have been successfuly logged out.</p>
<p align="center"><a href="login.php">Log back in</a></p>
</body>
</html>

[cooldude832]

is logout a .php or .html page?

also just this should do

 
<?php
session_start();
sessoin_destroy();
if(empty($_SESSION)){
?>
logout stuff
<?php
}
?>

[yarnold]

<?php
// Initialize the session.
// If you are using session_name("something"), don't forget it now!
session_start();

// Unset all of the session variables.
$_SESSION = array();

// If it's desired to kill the session, also delete the session cookie.
// Note: This will destroy the session, and not just the session data!
if (isset($_COOKIE[session_name()])) {
    setcookie(session_name(), '', time()-42000, '/');
}

// Finally, destroy the session.
session_destroy();
?> 

[ballhogjoni]

darn I tried bot of what you said and it still doesn't work. It is php not html.

[yarnold]

What code are you using to establish whether or not it worked?

[ballhogjoni]

no code just clicking the back button and then refreshing the page.

[yarnold]

After your last session destroying code put

 

print_r($_SESSION);

 

and paste in this thread what appears.

[ballhogjoni]

<?php
session_start();
session_destroy();
print_r($_SESSION);
if(empty($_SESSION)){
?>
<html>
<head>
<title>Logged Out</title>
</head>
<body>
<p align="center">You have been successfuly logged out.</p>
<p align="center"><a href="login.php">Log back in</a></p>
</body>
</html>
<?php
}
?>

 

print_r($_SESSION); displays array() and the logout stuff appears.

[yarnold]

Then the session has been destroyed successfully.  Instead of pressing the back button, manually navigate to the previous page, by typing the URL in the head of your browser.  Give that a go.

[NeilLindberg]

I messed around awhile before I got everything to work on my logout.

My question would be how to make this destroy work when one closes the Mozilla browser - IE destroyes sessions on close, Mozilla can be openned back up and you have your session back (unless you set the delete cookies on close under options).

here is my working logout code in my header.php file:

 

if($_GET['logout']=='logout'){

//UPDATE TIME_STAMP of logout

$query = "UPDATE users SET duration = TIMEDIFF(NOW(),active) WHERE id = '". $_SESSION['uid']."'";

$result = mysql_query($query);

$_SESSION['logged_in']=FALSE;

session_unregister('full_name');

session_destroy();

if($_GET['to_home'] == 1){

header("Location: ../../");

}else{

header("Location: ../login.php");

}

}