Jump to content

[SOLVED] Reasons why I cant destroy a session???


Recommended Posts

hey guys!

 

I'm trying to write a basic membership script...yes im a total noob and im having dramas with the sessions and cookies. For some reason I am unable to kill the session or delete the cookie.

 

This is my logout code:

 

<?
    ob_start();
  $_SESSION['logged_in'] = 0;

  setcookie('login_cookie', "", time() - 60, '/', '.mysite.info');

  session_destroy();
  header("Location: http://www.mysite.info/demo");
?>

 

Now it works fine and doesnt throw an error BUT when I go back to the protected pages after logging out I can access it and it still says welcome USERNAME. The only way I can clear it is by manually deleting the cookies in IE.

 

Anyone got any reasons why Session_destroy aisnt working and the cookie is staying put ????

 

Cheers from a total php loser

 

Hi Mad Techie!

 

Thanks for the response mate :)

 

I tried that and i'm still not having much luck. The session still seems to be active and I can still access the session variables.

 

So my logout page now looks like:

 

<?
    ob_start();
   session_start();
  $_SESSION['logged_in'] = 0;

  setcookie('login_cookie', "", time() - 60, '/', '.yoursite.com');
  session_unset();
  session_destroy();
  header("Location: http://www.mysite/demo");
?>

 

Driving me nuts...and i know its got to be something im doing !

Try:

<?
    ob_start();
   session_start();
  $_SESSION['logged_in'] = 0;

  setcookie('login_cookie', "", time() - 60, '/', '.yoursite.com');
  session_unset();
  session_destroy();
$_SESSION = array();
  header("Location: http://www.mysite/demo");
?>

i have had the same problem..

 

my solution (workaround)

was to set the sessions to nulls ie

<?php
session_start();
$_SESSION['logged_in'] = null;
unset($_SESSION['logged_in']); //i know the manual said not to but it side effect works 
?>

 

whats the conditions to allow you in the private area ?

also check your NOT sending any output before this is called.. (ie echo "logging out";)

 

Oh yeah

add this (to remove the session cookie)

<?php
if (isset($_COOKIE[session_name()])) {
    setcookie(session_name(), '', time()-42000, '/');
}
?>

Yeah That didnt seem to help. There has to be somewhere in my code that is persisting these damn things...

 

here is my header code for access to private areas:

 

<?php
ob_start();
session_start();
require_once($_SERVER['DOCUMENT_ROOT'].'/db_connect.php');

//check cookie
if ($_SESSION['logged_in'] != 1 && isset($_COOKIE['login_cookie'])) {
    list($user, $pass) = explode('[]', $_COOKIE['login_cookie']);
     $qu = mysql_query("SELECT `user_password` FROM `members` WHERE `username` = '".addslashes($user)."'");
    if (mysql_num_rows($qu) == 1) {
        $passw = mysql_fetch_object($qu);
        if ($passw->user_password == $pass) {
          $_SESSION['logged_in'] = 1;
           $_SESSION['username'] = $user;
            $_SESSION['password'] = $pass;
        }
    }
}

if(!isset($_SESSION['username']) && !isset($_SESSION['password'])) {
   $_SESSION['logged_in'] = 0;
   $user = "Guest"; 
   // redirect user to login form
   header("Location: http://www.mysite.com/demo/login.php");
}
?>

Okay.. try this

 

create a new file containing ONLY the below..

<?php
session_start();
$_SESSION['logged_in'] = 0;
setcookie('login_cookie', "", time() - 60, '/', '.yoursite.com');
if (isset($_COOKIE[session_name()]))
{
    setcookie(session_name(), '', time()-42000, '/');
}
session_unset();
session_destroy();
header("Location: http://www.mysite/demo");
?>

 

now load this file directly from the URL.. and then try the private section

ok that didnt work or make any difference...BUT...I think i'm getting to the heart of the problem.

 

On my login form I have a checkbox with the remember me option...and it has the following code related to it:

 

if(!empty($_POST['stay_in'])) {  
         $joined =''.$_POST['username'].'[]'.md5($_POST['password']).'';
         setcookie('login_cookie', $joined, 2147483647, '/', '.www.mysite.info');   
    } //end if

 

This has to be the reason why the cookie isnt being reset due to the time limit...what do ya think ????

yup that worked!

 

I changed the time length of the cookie when it was set with the remember me option to be less than that of the logout argument and it worked perfectly!

 

So after all that fiddling we finally got there!

 

Thanks again everyone for all your fantastic help.

 

cheers

aussie

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.