aussiefly Posted December 30, 2007 Share Posted December 30, 2007 hey guys! I'm trying to write a basic membership script...yes im a total noob and im having dramas with the sessions and cookies. For some reason I am unable to kill the session or delete the cookie. This is my logout code: <? ob_start(); $_SESSION['logged_in'] = 0; setcookie('login_cookie', "", time() - 60, '/', '.mysite.info'); session_destroy(); header("Location: http://www.mysite.info/demo"); ?> Now it works fine and doesnt throw an error BUT when I go back to the protected pages after logging out I can access it and it still says welcome USERNAME. The only way I can clear it is by manually deleting the cookies in IE. Anyone got any reasons why Session_destroy aisnt working and the cookie is staying put ???? Cheers from a total php loser Quote Link to comment Share on other sites More sharing options...
MadTechie Posted December 30, 2007 Share Posted December 30, 2007 you need to use session_start(); with try <?php session_start(); //<--you need this session_unset(); session_destroy(); ?> Quote Link to comment Share on other sites More sharing options...
aussiefly Posted December 30, 2007 Author Share Posted December 30, 2007 Hi Mad Techie! Thanks for the response mate I tried that and i'm still not having much luck. The session still seems to be active and I can still access the session variables. So my logout page now looks like: <? ob_start(); session_start(); $_SESSION['logged_in'] = 0; setcookie('login_cookie', "", time() - 60, '/', '.yoursite.com'); session_unset(); session_destroy(); header("Location: http://www.mysite/demo"); ?> Driving me nuts...and i know its got to be something im doing ! Quote Link to comment Share on other sites More sharing options...
papaface Posted December 30, 2007 Share Posted December 30, 2007 Try: <? ob_start(); session_start(); $_SESSION['logged_in'] = 0; setcookie('login_cookie', "", time() - 60, '/', '.yoursite.com'); session_unset(); session_destroy(); $_SESSION = array(); header("Location: http://www.mysite/demo"); ?> Quote Link to comment Share on other sites More sharing options...
MadTechie Posted December 30, 2007 Share Posted December 30, 2007 i have had the same problem.. my solution (workaround) was to set the sessions to nulls ie <?php session_start(); $_SESSION['logged_in'] = null; unset($_SESSION['logged_in']); //i know the manual said not to but it side effect works ?> whats the conditions to allow you in the private area ? also check your NOT sending any output before this is called.. (ie echo "logging out" Oh yeah add this (to remove the session cookie) <?php if (isset($_COOKIE[session_name()])) { setcookie(session_name(), '', time()-42000, '/'); } ?> Quote Link to comment Share on other sites More sharing options...
aussiefly Posted December 30, 2007 Author Share Posted December 30, 2007 Yeah That didnt seem to help. There has to be somewhere in my code that is persisting these damn things... here is my header code for access to private areas: <?php ob_start(); session_start(); require_once($_SERVER['DOCUMENT_ROOT'].'/db_connect.php'); //check cookie if ($_SESSION['logged_in'] != 1 && isset($_COOKIE['login_cookie'])) { list($user, $pass) = explode('[]', $_COOKIE['login_cookie']); $qu = mysql_query("SELECT `user_password` FROM `members` WHERE `username` = '".addslashes($user)."'"); if (mysql_num_rows($qu) == 1) { $passw = mysql_fetch_object($qu); if ($passw->user_password == $pass) { $_SESSION['logged_in'] = 1; $_SESSION['username'] = $user; $_SESSION['password'] = $pass; } } } if(!isset($_SESSION['username']) && !isset($_SESSION['password'])) { $_SESSION['logged_in'] = 0; $user = "Guest"; // redirect user to login form header("Location: http://www.mysite.com/demo/login.php"); } ?> Quote Link to comment Share on other sites More sharing options...
MadTechie Posted December 30, 2007 Share Posted December 30, 2007 Okay.. try this create a new file containing ONLY the below.. <?php session_start(); $_SESSION['logged_in'] = 0; setcookie('login_cookie', "", time() - 60, '/', '.yoursite.com'); if (isset($_COOKIE[session_name()])) { setcookie(session_name(), '', time()-42000, '/'); } session_unset(); session_destroy(); header("Location: http://www.mysite/demo"); ?> now load this file directly from the URL.. and then try the private section Quote Link to comment Share on other sites More sharing options...
aussiefly Posted December 30, 2007 Author Share Posted December 30, 2007 ok that didnt work or make any difference...BUT...I think i'm getting to the heart of the problem. On my login form I have a checkbox with the remember me option...and it has the following code related to it: if(!empty($_POST['stay_in'])) { $joined =''.$_POST['username'].'[]'.md5($_POST['password']).''; setcookie('login_cookie', $joined, 2147483647, '/', '.www.mysite.info'); } //end if This has to be the reason why the cookie isnt being reset due to the time limit...what do ya think ???? Quote Link to comment Share on other sites More sharing options...
aussiefly Posted December 30, 2007 Author Share Posted December 30, 2007 yup that worked! I changed the time length of the cookie when it was set with the remember me option to be less than that of the logout argument and it worked perfectly! So after all that fiddling we finally got there! Thanks again everyone for all your fantastic help. cheers aussie Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.