Question

PHP end of session problem

Asked by: kcalder

I am using a timed logout script to force logout on a website after a certain amount of time. The js script contains a reference to the file used to unset session variables. The file used to unset session variables is simple and listed below; I have the local and hosted database connection scripts listed and comment either one out as relevant. The routine works fine on my local machine and deletes the userSessionID variable. However, although the auto logout script is working on the site the delete query is not actioned. I have checked that the correct db connection is being used etc., but cannot understand why the query does not run.

<?php 
// Force logout based on timeout setting
 
if (!isset($_SESSION)) session_start();
 
// Delete the session entry in the database
// LOCAL - @ $db = new mysqli('localhost', 'kcalder', 'pw', 'db');
@ $db = new mysqli('localhost', 'root', 'pw', 'db');
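// new mysqli() always returns an object, so check the connection error explicitly
if (mysqli_connect_errno()) die ('Could not connect to the database: '.mysqli_connect_error());
// Escape the value before it is placed in the SQL string
$user = $db->real_escape_string($_SESSION['MM_Username']);
$query = "DELETE FROM session WHERE sessionUser='$user'";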
$result = $db->query($query);
 
//to fully log out a visitor we need to clear the session variables
unset($_SESSION['MM_Username']);
unset($_SESSION['MM_UserGroup']);
unset($_SESSION['userSessionID']);
session_destroy();
exit;
?>

                                  

This Question has been solved and asker verified.


Asked On: 2009-09-23 at 00:56:35, ID: 24754100

Tags: PHP, MySQL

Topics: PHP and Databases, PHP Scripting Language

Participating Experts: 2

Points: 100

Comments: 57


Answers

 

by: RQuadling | Posted on 2009-09-23 at 02:37:07 | ID: 25401213

There is no session_start() in the script, so there is no $_SESSION, no $_SESSION['MM_Username'], no $user, so the query ends up as


DELETE FROM session WHERE sessionUser=''


 

by: kcalder | Posted on 2009-09-23 at 02:49:19 | ID: 25401271

The session_start() function is on line 4. Like I said the script works locally.

 

by: RQuadling | Posted on 2009-09-23 at 03:10:58 | ID: 25401364

Check the session directory. Make sure the web server has permissions to write to it.

And why did I not see that!

Can you add ...

<?php
error_reporting(-1);
ini_set('display_errors', 1);

to show ALL errors/warnings/notices.



 

by: kcalder | Posted on 2009-09-23 at 07:46:58 | ID: 25403698

Not sure what you mean by sessions directory, I am writing to a database rather than a file.

 

by: Ray_Paseur | Posted on 2009-09-23 at 08:45:25 | ID: 25404537

How do you test for errors with MySQLI?  Does it put something in $result?

You might want to add var_dump($_SESSION) to this script to see what you've got in there.  It looks like it could be a data dependent error.

 

by: RQuadling | Posted on 2009-09-23 at 09:18:36 | ID: 25404910

Nope.

You are using file session data.

If $_SESSION is not set, then you call session_start().

Nothing wrong with that, but you do not also call session_set_save_handler to set up the DB access.

So, again, load ...

<?php
phpinfo();
?>

and check what the session entries are.

Check the directory for the sessions and make sure that location is accessible.

And check the error logs

 

by: kcalder | Posted on 2009-09-23 at 09:21:40 | ID: 25404949

Thanks, I have added var_dump($_SESSION) to the script as you suggested. However, it doesn't show anything on screen because the logout process goes straight back to the index page. Any suggestion as to how to check the dump?

 

by: kcalder | Posted on 2009-09-23 at 10:03:20 | ID: 25405395

Session information is being written to /var/lib/php/session and the session file is recording something. For example, I logged in, allowed the auto logout to execute and then checked the session file which contains this:

MM_Username|s:2:"12";MM_UserGroup|s:15:"businessManager";userSessionID|s:40:"3b03ecbc93af45b268b105360164ae471648187f";session_start|i:1253725180;fileUploadStatus|b:0;

Not sure whether there's anything helpful in there.

One thing I didn't say is that if the user logs out using the logout link the sessionID does get deleted from the database, it just isn't happening when the auto logout redirects to the endSession page.

 

by: RQuadling | Posted on 2009-09-24 at 01:07:19 | ID: 25410938

How is the auto-logout initiated?

How does it redirect to the index page? I don't see the code for that?

 

by: kcalder | Posted on 2009-09-24 at 01:51:00 | ID: 25411158

I am using a script made available by Phil Palmieri (http://philpalmieri.com/2009/09/jquery-session-auto-timeout-with-prompt/) which has a redirect in it if you need to manage closing out session variables etc. You can see the script by following the url shown.

 

by: RQuadling | Posted on 2009-09-24 at 02:38:01 | ID: 25411386

I wonder if you could add the following to the code ...

<?php
file_put_contents('./logout.log', date('r : ') . var_export($_COOKIE, True) . PHP_EOL, FILE_APPEND);


to the logout script.

I suspect the session ID isn't coming into the script.

No session id = no session

No session = no session user

etc.

 

by: RQuadling | Posted on 2009-09-24 at 03:38:24 | ID: 25411717

Can you show the JS code you are using which is setting the logout_url?

In looking at the code ...

    var redirect = function()
    {
      if(opts.logout_url)
      {
        $.get(opts.logout_url);
      }
      window.location.href = opts.redirect_url;
    }


I'm a little worried about the timing.

So, an additional debug could be useful...


<?php
file_put_contents('./logout.log', 'Start LOGOUT : ' . date('r : ') . var_export($_COOKIE, True) . PHP_EOL, FILE_APPEND);

// Your logout code.

file_put_contents('./logout.log', 'End  LOGOUT : ' . date('r : ') . var_export($_COOKIE, True) . PHP_EOL, FILE_APPEND);
exit;
?>


But I'd also add something similar to the main redirected page.

<?php
file_put_contents('./logout.log', 'Start REDIRECT : ' . date('r : ') . var_export($_COOKIE, True) . PHP_EOL, FILE_APPEND);

// Your logout code.

file_put_contents('./logout.log', 'End  REDIRECT : ' . date('r : ') . var_export($_COOKIE, True) . PHP_EOL, FILE_APPEND);
?>


 

by: kcalder | Posted on 2009-09-24 at 08:56:49 | ID: 25414729

The full JS code from the timedLogout.js file is below (copyright of Phil Palmieri). I have added the additional debug to the logout_url file (endSession.php) but cannot find the logout file on my system! However, I am not generating sessions using a cookie, why is $_COOKIE in there? Regarding the code for the main redirected page I am not sure where to put that because there is no auto-logout code on any page apart from endSession.php.

// JavaScript Document
(function($){
 $.fn.timedLogout = function(options) {
    var defaults = {
			inactivity: 30000, // 30 seconds (value is in milliseconds)
			noconfirm: 10000, // 10 seconds
			sessionAlive: 10000, // 10 seconds
			redirect_url: 'http://localhost/~kcalder/RED/index.php',
			click_reset: true,
			alive_url: 'http://localhost/~kcalder/RED/menu.php',
			logout_url: 'http://localhost/~kcalder/RED/endSession.php'
		}
    
    //##############################
    //## Private Variables
    //##############################
    var opts = $.extend(defaults, options);
    var liveTimeout, confTimeout, sessionTimeout;
    var modal = "<div id='modal_pop'><p>You are about to be automatically logged out due to inactivity on the PMS.</p></div>";
    //##############################
    //## Private Functions
    //##############################
    var start_liveTimeout = function()
    {
      clearTimeout(liveTimeout);
      clearTimeout(confTimeout);
      liveTimeout = setTimeout(logout, opts.inactivity);
      
      if(opts.sessionAlive)
      {
        clearTimeout(sessionTimeout);
        sessionTimeout = setTimeout(keep_session, opts.sessionAlive);
      }
    }
    
    var logout = function()
    {
      
      confTimeout = setTimeout(redirect, opts.noconfirm);
      $(modal).dialog({
        buttons: {"Click to stay logged in":  function(){
          $(this).dialog('close');
          stay_logged_in();
        }},
        modal: true,
        title: 'Auto Logout'
      });
      
    }
    
    var redirect = function()
    {
      if(opts.logout_url)
      {
        $.get(opts.logout_url);
      }
      window.location.href = opts.redirect_url;
    }
    
    var stay_logged_in = function(el)
    {
      start_liveTimeout();
      if(opts.alive_url)
      {
        $.get(opts.alive_url);
      }
    }
    
    var keep_session = function()
    {
      $.get(opts.alive_url);
      clearTimeout(sessionTimeout);
      sessionTimeout = setTimeout(keep_session, opts.sessionAlive);
    } 
    
    //###############################
    //Build & Return the instance of the item as a plugin
    // This is basically your construct.
    //###############################
    return this.each(function() {
      obj = $(this);
      start_liveTimeout();
      if(opts.click_reset)
      {
        $(document).bind('click', start_liveTimeout);
      }
      if(opts.sessionAlive)
      {
        keep_session();
      }
    });
    
 };
})(jQuery);
                                              

 

by: RQuadling | Posted on 2009-09-25 at 00:17:27 | ID: 25420616

So, if you are not using session cookies, you need to be getting the session id via the URL.

So, the logout_url needs to contain the session id.


But, from the code you've supplied so far, you _are_ using session cookies. Hence $_COOKIE being present.



I'm wondering if there is a gap in your understanding of how sessions are maintained.

Every request that a browser makes to a server is completely disconnected to every other request. This is by design and you cannot alter that.

This is known as "stateless".

HTTP is a stateless protocol.

Nothing exists before or after the request which the request can expect or rely on.


To get around this, the idea of a session exists.

The issue is how do you get these disconnected requests associated with the session.

The answer, in most cases, is a session cookie.

PHP's session cookie is, by default, PHPSESSID.

Run the attached script twice.

The first time the output will be an empty array. This is expected because the cookies coming into the script will not have the session (oh. thinking about this, you MAY actually have a value there - so if you can close your browser first, that will remove any session cookies for the domain).

The second time you run the script you will have output.

The session id is maintained as a cookie - this is transparent to you normally. You _CAN_ alter it, but you have to do more work.



What I am trying to determine is if using JS location.href and/or $.get() supplies the cookie.

If not, you can't connect to the server side session and no username/id and no delete in the DB.


If you can check your cookies in your browser first. If you have any for the local domain, deleting them will be useful to prove what I am talking about.

<?php
session_start();
var_dump($_COOKIE);
                                              

 

by: kcalder | Posted on 2009-09-26 at 03:07:30 | ID: 25429370

Thanks, I am just getting to grips with sessions. I understand what you are driving at. I am using cookies rather than the url extension to manage sessions. However, I don't think the JS file has anything to do with the session variables, my file endSession.php handles the session closure (or should), so once the JS file sets the redirect to endSession.php all that file does is delete the session from the session table which then allows the user to login again if required. If the session id is not deleted from the database then the user is not permitted to login as I have set up a routine to ensure that any given user can only have a single session open.

 

by: RQuadling | Posted on 2009-09-26 at 12:51:19 | ID: 25431283

For the endSession.php script, how does it know which session to delete?

 

by: RQuadling | Posted on 2009-09-26 at 12:56:01 | ID: 25431299

You'll probably say $_SESSION['MM_Username']

And I'll say No.

That's a value held in the session. Not the session itself.

The JS file _MUST_ supply a cookie to allow PHP to extract the session_id, so that the correct $_SESSION is setup so you can get the MM_Username value.

So. I need you to debug the endSession.php script.

So that is why I've asked you to log the cookies it receives. That's where the session id is.

If the cookie is empty, then the JS call is NOT supplying the cookie.

Without that, you can't continue.

Really. Honestly. 20 years as a s/w developer and a PHP ZCE say so!

Really really really.

Regards.

Richard.

P.S. You're lucky to get a response. The laptop is in the kitchen. I'm cooking chicken curries. I've got a bottle of wine or two open and Billy Bragg on nice and loud!

Good times!

 

by: kcalder | Posted on 2009-09-26 at 14:26:29 | ID: 25431623

Right, I see now - how does endSession.php know which session to delete. Good question and one that I have clearly overlooked! Enjoy your chicken curry, wine and Billy Bragg. I'll get to debugging endSession.php and post the results.

Thanks!

 

by: RQuadling | Posted on 2009-09-28 at 01:48:13 | ID: 25437609

It went well.

I hope your debugging did.

 

by: kcalder | Posted on 2009-09-28 at 03:16:31 | ID: 25437970

I will get around to it later today. What I don't understand though is how the auto-logout routine works fine on my local machine but not on the remote server; the code is exactly the same, the only thing that changes are the database connection parameters.

 

by: RQuadling | Posted on 2009-09-28 at 04:56:44 | ID: 25438459

Most likely it is a timing issue.

On index.php and menu.php, what do you do with the session data?

As AJAX calls are asynchronous, the GET (for the logout) happens at the same time as either the index.php or menu.php.

So, if these ALSO write to the current session (the one supplied in that request's cookie), you may end up simply writing a brand new entry.

On the table, do you have an IDENTITY/AUTOINC column?

If not add one.

Let's see if the session entry in the DB is being deleted and recreated.
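
The timing concern in this thread, as an added example that is not part of the original posts or the plugin: a constructed model (hypothetical `FakeBrowser`, `simulate` and tick counts) of `redirect()` issuing `$.get(opts.logout_url)` and then assigning `window.location.href` at once. It assumes that leaving the page abandons a request not yet delivered, which would let the same code reach `endSession.php` on a fast local server and miss it on a slower remote one.

```javascript
// Added example: a constructed model of the plugin's redirect() step.
// FakeBrowser, simulate and the tick timings are hypothetical stand-ins,
// not jQuery or browser APIs.

// A request reaches the server `latency` ticks after it is issued.
// A navigation takes `unloadDelay` ticks to tear the page down, and tearing
// the page down abandons every request that has not been delivered yet.
function FakeBrowser(latency, unloadDelay) {
  this.latency = latency;
  this.unloadDelay = unloadDelay;
  this.pending = [];     // issued but not yet delivered
  this.leaving = null;   // navigation in progress, if any
  this.location = null;  // set once the navigation has completed
  this.serverLog = [];   // URLs the server received, in arrival order
}

// Stand-in for $.get(url, callback).
FakeBrowser.prototype.get = function (url, done) {
  this.pending.push({ url: url, ticksLeft: this.latency, done: done });
};

// Stand-in for window.location.href = url.
FakeBrowser.prototype.navigate = function (url) {
  this.leaving = { url: url, ticksLeft: this.unloadDelay };
};

// Advance the model by one tick: deliver due requests, then progress the unload.
FakeBrowser.prototype.tick = function () {
  var self = this;
  var delivered = [];
  this.pending = this.pending.filter(function (req) {
    req.ticksLeft -= 1;
    if (req.ticksLeft > 0) return true;
    delivered.push(req);
    return false;
  });
  delivered.forEach(function (req) {
    self.serverLog.push(req.url);
    if (req.done) req.done();
  });
  if (this.leaving !== null) {
    this.leaving.ticksLeft -= 1;
    if (this.leaving.ticksLeft <= 0) {
      this.pending = [];                     // in-flight requests are dropped
      this.location = this.leaving.url;
      this.serverLog.push(this.leaving.url); // the new page is itself a request
      this.leaving = null;
    }
  }
};

// File names taken from the thread; relative URLs are used for brevity.
var OPTS = { logout_url: 'endSession.php', redirect_url: 'index.php' };

// Order of operations in the plugin's redirect(): issue the request, leave at once.
function redirectFireAndForget(browser, opts) {
  if (opts.logout_url) {
    browser.get(opts.logout_url);
  }
  browser.navigate(opts.redirect_url);
}

// Alternative ordering: leave only from the request's completion callback,
// so the logout request is delivered before the page is torn down.
function redirectAfterLogout(browser, opts) {
  if (!opts.logout_url) {
    browser.navigate(opts.redirect_url);
    return;
  }
  browser.get(opts.logout_url, function () {
    browser.navigate(opts.redirect_url);
  });
}

// Run one redirect strategy and return what the server saw, in order.
function simulate(redirectFn, latency, unloadDelay) {
  var browser = new FakeBrowser(latency, unloadDelay);
  redirectFn(browser, OPTS);
  for (var i = 0; i < 50 && browser.location === null; i++) {
    browser.tick();
  }
  return browser.serverLog;
}

console.log('fast server, fire-and-forget:', simulate(redirectFireAndForget, 1, 2));
console.log('slow server, fire-and-forget:', simulate(redirectFireAndForget, 5, 2));
console.log('slow server, leave on completion:', simulate(redirectAfterLogout, 5, 2));
```

In the plugin itself the second ordering corresponds to moving the `window.location.href` assignment into the callback passed to `$.get`. That callback fires only on success, so a real implementation also needs an error path that still performs the redirect.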

 

by: kcalder | Posted on 2009-09-28 at 05:48:23 | ID: 25438844

I have posted the full login script below. I generate a sha1 hashed session variable called userSessionID from their username (obtained from the login query) and check the database to determine whether it is already in there (no index or auto-increment for the table). If the user is already in the database then they are already logged in somewhere else and the session is destroyed (although the redirect to concurrentLogin.php doesn't seem to work). If the userSessionID is not found in the database then it is generated, inserted and the login continues to menu.php.

Once the user is at menu.php if they do nothing for the period set in the autoLogout.js script they get logged out using endSession.php which should simply delete the variable userSessionID from the database thus enabling them to login afresh.

<?php
// *** Validate request to login to this site.
if (!isset($_SESSION)) {
  session_start();
}
 
$loginFormAction = $_SERVER['PHP_SELF'];
if (isset($_GET['accesscheck'])) 
{
	$_SESSION['PrevUrl'] = $_GET['accesscheck'];
}
 
if (isset($_POST['usr'])) 
{
  $loginUsername=$_POST['usr'];
  $password=sha1($_POST['pwd']);
  $MM_fldUserAuthorization = "userLevel";
  $MM_redirectLoginSuccess = "menu.php";
  $MM_redirectLoginFailed = "failure.php";
  $MM_redirecttoReferrer = false;
  mysql_select_db($database_RED_links, $RED_links);
  	
  $LoginRS__query=sprintf("SELECT user_pk, userName, password, userLevel FROM `user` WHERE user_pk=%s AND password=%s",
  GetSQLValueString($loginUsername, "int"), GetSQLValueString($password, "text")); 
   
  $LoginRS = mysql_query($LoginRS__query, $RED_links) or die(mysql_error());
  $loginFoundUser = mysql_num_rows($LoginRS);
  if ($loginFoundUser) 
  {
    $loginStrGroup  = mysql_result($LoginRS,0,'userLevel');
    
    //declare session variables and assign them
    $_SESSION['MM_Username'] = $loginUsername;
    $_SESSION['MM_UserGroup'] = $loginStrGroup;
	$_SESSION['userSessionID'] = sha1(mysql_result($LoginRS,0,'userName'));
	
	// Used in timeout.php
	$_SESSION['session_start'] = time();
	
	// Set flag for file upload success/failure
	$_SESSION['fileUploadStatus'] = false;
	
	// *** Check the login details against current sessions to prevent multiple logins *** //
	// Connect to the database
	@ $db = new mysqli('localhost', 'kcalder', 'pw', 'db');
	// LOCAL...@ $db = new mysqli('localhost', 'root', 'pw', 'db');
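	// new mysqli() always returns an object, so check the connection error explicitly
	if (mysqli_connect_errno()) die ('Could not connect to the database: '.mysqli_connect_error());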
	
	// Details of this login
	$user = $_SESSION['MM_Username'];
	$session = $_SESSION['userSessionID'];
 
	// Query the database
	$loginStatus = 0;
	$entries = 0;
	$query = "SELECT * FROM session";
	$result = $db->query($query);
	$num_results = $result->num_rows;
	for ($i = 0; $i < $num_results; $i++)
	{
		$row = $result->fetch_assoc();
		// If the user is in the session table check the entry
		if ($row['sessionUser'] == $user)
		{
			// There is an entry
			$entries++;
			// Check the session ID
			if (!strcmp($row['sessionID'], $session))
			{
				$loginStatus = 1;
			}
		}
	}
	
	// If loginstatus = 1 then user is already logged in and session needs to be destroyed
	if ($loginStatus == 1)
	{	
		unset($_SESSION['MM_Username']);
		unset($_SESSION['MM_UserGroup']);
		unset($_SESSION['userSessionID']);
		session_destroy();
		header("Location: concurrentLogin.php");
	}
	
	// If there are no entries insert the session details
	if ($entries == 0)
	{
		$query = "INSERT INTO session (sessionID, sessionUser) VALUES ('$session', '$user')";
		$result = $db->query($query);
	}
	
    if (isset($_SESSION['PrevUrl']) && false) 
	{
      $MM_redirectLoginSuccess = $_SESSION['PrevUrl'];	
    }
    header("Location: " . $MM_redirectLoginSuccess );
  }
  else 
  {
    header("Location: ". $MM_redirectLoginFailed );
  }
}
?>

                                              

 

by: RQuadling | Posted on 2009-09-28 at 09:00:19 | ID: 25440451

We need to start tracking what is happening.

Obviously, the scripts are not working as expected, so some debugging is required.

The following line should help ...

@file_put_contents('./debug.log', number_format(microtime(True), 10) . ' ' . __FILE__ . ':' . __LINE__ . ':' . $_COOKIE['PHPSESSID'] . PHP_EOL, FILE_APPEND);

I would put this line in several key places in the scripts to log what is happening.

The log file may grow very quickly.

The name (./debug.log) should be converted to an absolute filename so that if the scripts are in different folders, the same log file is written to.

So, a script like ...

<?php
// *** Validate request to login to this site.
if (!isset($_SESSION)) {
  session_start();
}
 
$loginFormAction = $_SERVER['PHP_SELF'];
if (isset($_GET['accesscheck']))
{
        $_SESSION['PrevUrl'] = $_GET['accesscheck'];
}
 
if (isset($_POST['usr']))
{


should become something like ...

Your log file will contain a line for each debug. This will allow you to see what is going on across multiple scripts.

You will need to make sure that the web server account has write access to the file.

<?php
					@file_put_contents('./debug.log', number_format(microtime(True), 10) . ' ' . __FILE__ . ':' . __LINE__ . ':' . $_COOKIE['PHPSESSID'] . PHP_EOL, FILE_APPEND);
// *** Validate request to login to this site.
if (!isset($_SESSION)) {
					@file_put_contents('./debug.log', number_format(microtime(True), 10) . ' ' . __FILE__ . ':' . __LINE__ . ':' . $_COOKIE['PHPSESSID'] . PHP_EOL, FILE_APPEND);
  session_start();
					@file_put_contents('./debug.log', number_format(microtime(True), 10) . ' ' . __FILE__ . ':' . __LINE__ . ':' . $_COOKIE['PHPSESSID'] . PHP_EOL, FILE_APPEND);
}
					@file_put_contents('./debug.log', number_format(microtime(True), 10) . ' ' . __FILE__ . ':' . __LINE__ . ':' . $_COOKIE['PHPSESSID'] . PHP_EOL, FILE_APPEND);
 
$loginFormAction = $_SERVER['PHP_SELF'];
					@file_put_contents('./debug.log', number_format(microtime(True), 10) . ' ' . __FILE__ . ':' . __LINE__ . ':' . $_COOKIE['PHPSESSID'] . PHP_EOL, FILE_APPEND);
if (isset($_GET['accesscheck'])) 
{
					@file_put_contents('./debug.log', number_format(microtime(True), 10) . ' ' . __FILE__ . ':' . __LINE__ . ':' . $_COOKIE['PHPSESSID'] . PHP_EOL, FILE_APPEND);
        $_SESSION['PrevUrl'] = $_GET['accesscheck'];
					@file_put_contents('./debug.log', number_format(microtime(True), 10) . ' ' . __FILE__ . ':' . __LINE__ . ':' . $_COOKIE['PHPSESSID'] . PHP_EOL, FILE_APPEND);
}
					@file_put_contents('./debug.log', number_format(microtime(True), 10) . ' ' . __FILE__ . ':' . __LINE__ . ':' . $_COOKIE['PHPSESSID'] . PHP_EOL, FILE_APPEND);
 
if (isset($_POST['usr'])) 
{
					@file_put_contents('./debug.log', number_format(microtime(True), 10) . ' ' . __FILE__ . ':' . __LINE__ . ':' . $_COOKIE['PHPSESSID'] . PHP_EOL, FILE_APPEND);
  
                                              

 

by: RQuadling | Posted on 2009-09-28 at 09:09:24 | ID: 25440529

I'm really stuck with ...

      if(opts.logout_url)
      {
        $.get(opts.logout_url);
      }

This is saying to me ...

If there is a property of opts which does not evaluate as false, then ...

I can't see what $.get() does.

$ is jQuery - fair enough.

get() though is the CSS collector.

get( )      Returns: Array<Element>
Access all matched DOM elements.

get( index )      Returns: Element
Access a single matched DOM element at a specified index in the matched set.

Nothing to do with launching an HTTP GET request.

As I see it anyway.

Either way. Add the debugging.

You have to prove that the code works remotely by presenting a debug log file showing the calls are getting made.

I'm not convinced.

OOI, run the same debugged code locally. See what you get.

Do you have a live version I can see? I want to see what requests are actually generated? (Firefox with Firebug and Wireshark).

 

by: kcalder | Posted on 2009-09-30 at 10:34:52 | ID: 25461235

I have put the debugging lines interspersed between all of the code that is involved in the auto logout procedure, and I have put them into the menu.php file as that's the page that the user is taken to when they first login. However, it seems that the file isn't getting written to the disk either locally or on the host server. I have set a full url path to the root of the site so I know that the folder has read/write access.

As the site I am working on is my company's intranet we'd have to go offline with this and I could set you up a temporary account so that you can see what's happening.

 

by: RQuadling | Posted on 2009-09-30 at 13:55:43 | ID: 25463553

Getting the debug working is pretty important.

Try this ...

<?php
error_reporting(-1);
ini_set('display_errors', 1);
echo 'Current dir:', getcwd(), ' and we wrote ', file_put_contents('./log.log', 'The time is : ' . date('r') . PHP_EOL, FILE_APPEND), ' bytes.', PHP_EOL;
?>

Wherever you place this file you should be getting a log.log file when you run it.

Try it locally.

 

by: kcalder | Posted on 2009-09-30 at 14:40:45 | ID: 25463951

OK then, this is what I get when I run the file...

Current dir:/Users/kcalder/Sites/RED and we wrote Warning: date(): It is not safe to rely on the system's timezone settings. You are *required* to use the date.timezone setting or the date_default_timezone_set() function. In case you used any of those methods and you are still getting this warning, you most likely misspelled the timezone identifier. We selected 'Europe/London' for 'BST/1.0/DST' instead in /Users/kcalder/Sites/RED/log.php on line 4 Warning: file_put_contents(./log.log): failed to open stream: Permission denied in /Users/kcalder/Sites/RED/log.php on line 4 bytes.

 

by: RQuadling Posted on 2009-10-01 at 01:45:17 ID: 25466857

Right.

2 problems.

The date.timezone issue is important as you may find all sorts of issues with cookie expiry times when the DST changeover happens.

The important one is the permission denied.

I would recommend creating a folder with write permissions somewhere.

Then put the absolute path in the script...

file_put_contents('/some/path/with/write/permissions/log.log', ....


 

by: kcalder Posted on 2009-10-01 at 05:31:14 ID: 25467929

OK, ignoring the time/date issue and concentrating on the main issue, I have created the folder and set write permissions for all. I changed the debug script to include the path to debug.log and included the debug script as below. With the auto logout routine working on my local machine (i.e., the userSessionID entry is deleted) the following is what's written to the debug.log file...

1,254,399,934.8552100658 /Users/kcalder/Sites/RED/menu.php:14:r6bjakk1ocb5u8bu4dnt8oedm1

which quite frankly means diddly to me.

<?php require_once('connections/RED_links.php'); 
@file_put_contents('http://localhost/~kcalder/RED/debug.log', number_format(microtime(True), 10) . ' ' . __FILE__ . ':' . __LINE__ . ':' . $_COOKIE['PHPSESSID'] . PHP_EOL, FILE_APPEND);
?>
<?php
//initialize the session
if (!isset($_SESSION)) 
{
	@file_put_contents('http://localhost/~kcalder/RED/debug.log', number_format(microtime(True), 10) . ' ' . __FILE__ . ':' . __LINE__ . ':' . $_COOKIE['PHPSESSID'] . PHP_EOL, FILE_APPEND);
	session_start();
}
// ** Logout the current user. **
$logoutAction = $_SERVER['PHP_SELF']."?doLogout=true";
@file_put_contents('/Users/kcalder/Sites/RED/log/debug.log', number_format(microtime(True), 10) . ' ' . __FILE__ . ':' . __LINE__ . ':' . $_COOKIE['PHPSESSID'] . PHP_EOL, FILE_APPEND);
if ((isset($_SERVER['QUERY_STRING'])) && ($_SERVER['QUERY_STRING'] != ""))
{
  @file_put_contents('/Users/kcalder/Sites/RED/log/debug.log', number_format(microtime(True), 10) . ' ' . __FILE__ . ':' . __LINE__ . ':' . $_COOKIE['PHPSESSID'] . PHP_EOL, FILE_APPEND);
  $logoutAction .="&". htmlentities($_SERVER['QUERY_STRING']);
}
if ((isset($_GET['doLogout'])) &&($_GET['doLogout']=="true"))
{
  @file_put_contents('/Users/kcalder/Sites/RED/log/debug.log', number_format(microtime(True), 10) . ' ' . __FILE__ . ':' . __LINE__ . ':' . $_COOKIE['PHPSESSID'] . PHP_EOL, FILE_APPEND);
  // Delete the session entry in the database
  @ $db = new mysqli('localhost', 'root', 'pw', 'db');
  @file_put_contents('/Users/kcalder/Sites/RED/log/debug.logg', number_format(microtime(True), 10) . ' ' . __FILE__ . ':' . __LINE__ . ':' . $_COOKIE['PHPSESSID'] . PHP_EOL, FILE_APPEND);
 
  if (!$db) die ('Could not connect to the database: '.mysql_error());
 @file_put_contents('/Users/kcalder/Sites/RED/log/debug.log', number_format(microtime(True), 10) . ' ' . __FILE__ . ':' . __LINE__ . ':' . $_COOKIE['PHPSESSID'] . PHP_EOL, FILE_APPEND);
 
 $query = sprintf("DELETE FROM session WHERE sessionUser=%d", $_SESSION['MM_Username']);
 @file_put_contents('/Users/kcalder/Sites/RED/log/debug.log', number_format(microtime(True), 10) . ' ' . __FILE__ . ':' . __LINE__ . ':' . $_COOKIE['PHPSESSID'] . PHP_EOL, FILE_APPEND);
 
 $result = $db->query($query);
@file_put_contents('/Users/kcalder/Sites/RED/log/debug.log', number_format(microtime(True), 10) . ' ' . __FILE__ . ':' . __LINE__ . ':' . $_COOKIE['PHPSESSID'] . PHP_EOL, FILE_APPEND);
  
  //to fully log out a visitor we need to clear the session variables
  unset($_SESSION['MM_Username']);
  @file_put_contents('/Users/kcalder/Sites/RED/log/debug.log', number_format(microtime(True), 10) . ' ' . __FILE__ . ':' . __LINE__ . ':' . $_COOKIE['PHPSESSID'] . PHP_EOL, FILE_APPEND);
  unset($_SESSION['MM_UserGroup']);
  @file_put_contents('/Users/kcalder/Sites/RED/log/debug.log', number_format(microtime(True), 10) . ' ' . __FILE__ . ':' . __LINE__ . ':' . $_COOKIE['PHPSESSID'] . PHP_EOL, FILE_APPEND);
  unset($_SESSION['userSessionID']);
  @file_put_contents('/Users/kcalder/Sites/RED/log/debug.log', number_format(microtime(True), 10) . ' ' . __FILE__ . ':' . __LINE__ . ':' . $_COOKIE['PHPSESSID'] . PHP_EOL, FILE_APPEND);
  session_destroy();
  @file_put_contents('/Users/kcalder/Sites/RED/log/debug.log', number_format(microtime(True), 10) . ' ' . __FILE__ . ':' . __LINE__ . ':' . $_COOKIE['PHPSESSID'] . PHP_EOL, FILE_APPEND);
  
  $logoutGoTo = "index.php";
  if ($logoutGoTo) 
  {
    header("Location: $logoutGoTo");
    exit;
  }
}

                                              

 

by: kcalder Posted on 2009-10-01 at 05:34:12 ID: 25467951

I am beginning to think that this might be a timing issue, the auto logout routine appears to work intermittently on my local machine, just not at all on the remote server.

 

by: RQuadling Posted on 2009-10-01 at 06:08:37 ID: 25468221

Can you change ...

@file_put_contents('http://localhost/~kcalder/RED/debug.log',

to

@file_put_contents('/Users/kcalder/Sites/RED/log/debug.log',

please.

The log file should show you a LOT more detail.

 

by: RQuadling Posted on 2009-10-01 at 06:12:09 ID: 25468252

1,254,399,934.8552100658 /Users/kcalder/Sites/RED/menu.php:14:r6bjakk1ocb5u8bu4dnt8oedm1

is broken down into ...

The time the debug line was generated : 1,254,399,934.8552100658
The fullname of the script writing the debug : /Users/kcalder/Sites/RED/menu.php
The line number in the file : 14
The session ID as provided by the $_COOKIE['PHPSESSID'] : r6bjakk1ocb5u8bu4dnt8oedm1

So, this log file will show you which lines of code (more or less) are being executed when the auto logout process kicks in.

Once we have that, I can explain what is happening.
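
The line format broken down above can be read back mechanically. The following is an added example, not code from this thread: it parses the lines, groups them into requests, and lists page loads that were followed by another page load in the same session with no endSession.php request in between. The grouping rule (a new request starts when the script changes or the line number stops increasing), the function names, and the sample lines are assumptions constructed for the illustration.

```php
<?php
// Added example (not from the thread): reader for the debug.log format above.
// Layout: "<microtime, comma-grouped> <file>:<line>:<PHPSESSID>[:<extra>]"

/** Parse one log line into its fields; returns null if it does not match. */
function parseDebugLine(string $line): ?array
{
    $re = '/^([\d,]+\.\d+) (.+?):(\d+):([A-Za-z0-9,-]*)(?::(.*))?$/';
    if (!preg_match($re, trim($line), $m)) {
        return null;
    }
    return [
        'time'    => (float) str_replace(',', '', $m[1]), // undo number_format()
        'file'    => basename($m[2]),
        'line'    => (int) $m[3],
        'session' => $m[4],         // empty if no PHPSESSID cookie was sent
        'extra'   => $m[5] ?? null, // e.g. SQL text appended to a debug line
    ];
}

/** Group entries into requests. Assumed rule: a new request starts when the
 *  script or session changes, or the line number stops increasing. */
function groupRequests(array $entries): array
{
    $requests = [];
    $prev = null;
    foreach ($entries as $e) {
        $same = $prev !== null && $e['file'] === $prev['file']
            && $e['session'] === $prev['session'] && $e['line'] > $prev['line'];
        if (!$same) {
            $requests[] = ['start' => $e['time'], 'file' => $e['file'],
                           'session' => $e['session'], 'lines' => [], 'extra' => []];
        }
        $last = count($requests) - 1;
        $requests[$last]['lines'][] = $e['line'];
        if ($e['extra'] !== null) {
            $requests[$last]['extra'][] = $e['extra'];
        }
        $prev = $e;
    }
    return $requests;
}

/** Heuristic: page loads followed by another page load in the same session
 *  with no request to the logout script in between. */
function loadsWithoutLogout(array $requests, string $logoutScript = 'endSession.php'): array
{
    $flagged = [];
    $pending = []; // session id => last page load not yet followed by a logout
    foreach ($requests as $r) {
        $sid = $r['session'];
        if ($r['file'] === $logoutScript) {
            unset($pending[$sid]);
            continue;
        }
        if (isset($pending[$sid])) {
            $flagged[] = $pending[$sid];
        }
        $pending[$sid] = $r;
    }
    return $flagged;
}

// Constructed sample in the thread's format (paths and session id are made up).
$log = <<<'LOG'
1,700,000,000.1000000000 /var/www/site/menu.php:2:examplesessionid0000000000
1,700,000,000.1002000000 /var/www/site/menu.php:8:examplesessionid0000000000
1,700,000,000.1005000000 /var/www/site/menu.php:13:examplesessionid0000000000
1,700,000,060.2000000000 /var/www/site/menu.php:2:examplesessionid0000000000
1,700,000,060.2003000000 /var/www/site/menu.php:8:examplesessionid0000000000
1,700,000,060.2006000000 /var/www/site/menu.php:13:examplesessionid0000000000
1,700,000,100.3000000000 /var/www/site/endSession.php:6:examplesessionid0000000000
1,700,000,100.3004000000 /var/www/site/endSession.php:29:examplesessionid0000000000:DELETE FROM session WHERE sessionUser='13'
1,700,000,100.3009000000 /var/www/site/endSession.php:42:examplesessionid0000000000
LOG;

$entries  = array_values(array_filter(array_map('parseDebugLine', explode("\n", $log))));
$requests = groupRequests($entries);

foreach ($requests as $r) {
    printf("%s  %-15s lines %-8s %s\n", gmdate('H:i:s', (int) $r['start']),
        $r['file'], implode(',', $r['lines']), implode(' | ', $r['extra']));
}
foreach (loadsWithoutLogout($requests) as $r) {
    printf("no %s request after %s load at %.4f\n", 'endSession.php', $r['file'], $r['start']);
}
```

The flag is only a hint: ordinary navigation between pages also produces a page load followed by another page load, so it is meaningful for the login-then-wait test described in this thread.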

 

by: kcalder Posted on 2009-10-01 at 06:23:56 ID: 25468333

Yes, sorry I noticed the two lines with the wrong path in only once I had posted the code. I deleted the existing log file, logged in again and allowed the auto logout to fire. Here's the contents of the debug.log file now with the paths corrected...

1,254,403,303.2875320911 /Users/kcalder/Sites/RED/menu.php:2:r6bjakk1ocb5u8bu4dnt8oedm1
1,254,403,303.2877700329 /Users/kcalder/Sites/RED/menu.php:8:r6bjakk1ocb5u8bu4dnt8oedm1
1,254,403,303.2883310318 /Users/kcalder/Sites/RED/menu.php:13:r6bjakk1ocb5u8bu4dnt8oedm1

 

by: RQuadling Posted on 2009-10-01 at 06:30:04 ID: 25468393

And you've got the same file_put_contents line throughout the code dealing with the autologout?

 

by: kcalder Posted on 2009-10-01 at 07:30:39 ID: 25469034

Er...coming right up!

 

by: kcalder Posted on 2009-10-01 at 07:56:32 ID: 25469386

Presumably you mean interspersed in endSession.php not timedLogout.js?

 

by: kcalder Posted on 2009-10-01 at 08:21:23 ID: 25469680

Well, this is what has been generated in the log file through two successive logins and auto logouts. The first 3 lines were generated after I was logged out automatically and the redirect failed to go to endSession.php. I can tell this because userSessionID is still in the database table and wasn't deleted meaning I had to remove it manually before trying to login again. The remaining lines were generated after a second login/auto-logout at which time the redirect to endSession.php worked.

1,254,410,155.1620330811 /Users/kcalder/Sites/RED/menu.php:2:r6bjakk1ocb5u8bu4dnt8oedm1
1,254,410,155.1623771191 /Users/kcalder/Sites/RED/menu.php:8:r6bjakk1ocb5u8bu4dnt8oedm1
1,254,410,155.1631588936 /Users/kcalder/Sites/RED/menu.php:13:r6bjakk1ocb5u8bu4dnt8oedm1
1,254,410,215.9074170589 /Users/kcalder/Sites/RED/menu.php:2:r6bjakk1ocb5u8bu4dnt8oedm1
1,254,410,215.9076359272 /Users/kcalder/Sites/RED/menu.php:8:r6bjakk1ocb5u8bu4dnt8oedm1
1,254,410,215.9079999924 /Users/kcalder/Sites/RED/menu.php:13:r6bjakk1ocb5u8bu4dnt8oedm1
1,254,410,240.7787539959 /Users/kcalder/Sites/RED/menu.php:2:r6bjakk1ocb5u8bu4dnt8oedm1
1,254,410,240.7790300846 /Users/kcalder/Sites/RED/menu.php:8:r6bjakk1ocb5u8bu4dnt8oedm1
1,254,410,240.7791829109 /Users/kcalder/Sites/RED/menu.php:13:r6bjakk1ocb5u8bu4dnt8oedm1
1,254,410,280.9987630844 /Users/kcalder/Sites/RED/endSession.php:6:r6bjakk1ocb5u8bu4dnt8oedm1
1,254,410,280.9992530346 /Users/kcalder/Sites/RED/endSession.php:12:r6bjakk1ocb5u8bu4dnt8oedm1
1,254,410,280.9993760586 /Users/kcalder/Sites/RED/endSession.php:14:r6bjakk1ocb5u8bu4dnt8oedm1
1,254,410,281.0017800331 /Users/kcalder/Sites/RED/endSession.php:20:r6bjakk1ocb5u8bu4dnt8oedm1
1,254,410,281.0019109249 /Users/kcalder/Sites/RED/endSession.php:27:r6bjakk1ocb5u8bu4dnt8oedm1
1,254,410,281.0019850731 /Users/kcalder/Sites/RED/endSession.php:29:r6bjakk1ocb5u8bu4dnt8oedm1
1,254,410,281.0026540756 /Users/kcalder/Sites/RED/endSession.php:31:r6bjakk1ocb5u8bu4dnt8oedm1
1,254,410,281.0027580261 /Users/kcalder/Sites/RED/endSession.php:36:r6bjakk1ocb5u8bu4dnt8oedm1
1,254,410,281.0028278828 /Users/kcalder/Sites/RED/endSession.php:38:r6bjakk1ocb5u8bu4dnt8oedm1
1,254,410,281.0028960705 /Users/kcalder/Sites/RED/endSession.php:40:r6bjakk1ocb5u8bu4dnt8oedm1
1,254,410,281.0032999516 /Users/kcalder/Sites/RED/endSession.php:42:r6bjakk1ocb5u8bu4dnt8oedm1

 

by: RQuadling Posted on 2009-10-02 at 01:58:32 ID: 25476107

Can you show your current endSession.php script please?

We can see the script is called WITH a valid session id. Now time to add some debugging with regard to the DB DELETE.

Can you add the @file_put_contents() line to any script that deals with the session/db stuff?

Trying to see the flow of things.

I'm wondering what happens after endSession is called.


With regard to ...


 $query = sprintf("DELETE FROM session WHERE sessionUser=%d", $_SESSION['MM_Username']);
 @file_put_contents('/Users/kcalder/Sites/RED/log/debug.log', number_format(microtime(True), 10) . ' ' . __FILE__ . ':' . __LINE__ . ':' . $_COOKIE['PHPSESSID'] . PHP_EOL, FILE_APPEND);
 

Is MM_Username a number, 'cause that is what you are casting it as in the sprintf function?

Change the debug line here to ...

 @file_put_contents('/Users/kcalder/Sites/RED/log/debug.log', number_format(microtime(True), 10) . ' ' . __FILE__ . ':' . __LINE__ . ':' . $_COOKIE['PHPSESSID'] . ':' . $query . PHP_EOL, FILE_APPEND);

 

by: kcalder Posted on 2009-10-02 at 07:47:54 ID: 25478430

The full endSession script is as in the snippet below. The outcome of running the debug on it with the adjusted debug line is as follows...

1,254,494,221.2450859547 /Users/kcalder/Sites/RED/menu.php:2:c270d9u5668ffffm6jl7lb64v0
1,254,494,221.2454929352 /Users/kcalder/Sites/RED/menu.php:8:c270d9u5668ffffm6jl7lb64v0
1,254,494,221.2487909794 /Users/kcalder/Sites/RED/menu.php:13:c270d9u5668ffffm6jl7lb64v0
1,254,494,261.4845840931 /Users/kcalder/Sites/RED/endSession.php:6:c270d9u5668ffffm6jl7lb64v0
1,254,494,261.4848310947 /Users/kcalder/Sites/RED/endSession.php:12:c270d9u5668ffffm6jl7lb64v0
1,254,494,261.4853150845 /Users/kcalder/Sites/RED/endSession.php:14:c270d9u5668ffffm6jl7lb64v0
1,254,494,261.4871919155 /Users/kcalder/Sites/RED/endSession.php:20:c270d9u5668ffffm6jl7lb64v0
1,254,494,261.4872961044 /Users/kcalder/Sites/RED/endSession.php:27:c270d9u5668ffffm6jl7lb64v0
1,254,494,261.4877259731 /Users/kcalder/Sites/RED/endSession.php:29:c270d9u5668ffffm6jl7lb64v0
1,254,494,261.4892289639 /Users/kcalder/Sites/RED/endSession.php:31:c270d9u5668ffffm6jl7lb64v0
1,254,494,261.4893510342 /Users/kcalder/Sites/RED/endSession.php:36:c270d9u5668ffffm6jl7lb64v0
1,254,494,261.4902369976 /Users/kcalder/Sites/RED/endSession.php:38:c270d9u5668ffffm6jl7lb64v0
1,254,494,261.4907789230 /Users/kcalder/Sites/RED/endSession.php:40:c270d9u5668ffffm6jl7lb64v0
1,254,494,261.4914829731 /Users/kcalder/Sites/RED/endSession.php:42:c270d9u5668ffffm6jl7lb64v0
 
The above was logged when the auto logout DID delete the user session information. However, I tried this once before this when it didn't delete the session information but the debug included the query command was output to the log. Very odd.

 

by: kcalder Posted on 2009-10-02 at 07:55:19 ID: 25478508

Sorry, let's try that again. I had amended the debug in the wrong file. Putting the query string into the debug within endSession.php gives me...

1,254,495,234.8202230930 /Users/kcalder/Sites/RED/menu.php:2:c270d9u5668ffffm6jl7lb64v0
1,254,495,234.8204860687 /Users/kcalder/Sites/RED/menu.php:8:c270d9u5668ffffm6jl7lb64v0
1,254,495,234.8212630749 /Users/kcalder/Sites/RED/menu.php:13:c270d9u5668ffffm6jl7lb64v0
1,254,495,250.2579410076 /Users/kcalder/Sites/RED/menu.php:2:c270d9u5668ffffm6jl7lb64v0
1,254,495,250.2581501007 /Users/kcalder/Sites/RED/menu.php:8:c270d9u5668ffffm6jl7lb64v0
1,254,495,250.2607250214 /Users/kcalder/Sites/RED/menu.php:13:c270d9u5668ffffm6jl7lb64v0
1,254,495,290.4283299446 /Users/kcalder/Sites/RED/endSession.php:6:c270d9u5668ffffm6jl7lb64v0
1,254,495,290.4285249710 /Users/kcalder/Sites/RED/endSession.php:12:c270d9u5668ffffm6jl7lb64v0
1,254,495,290.4292490482 /Users/kcalder/Sites/RED/endSession.php:14:c270d9u5668ffffm6jl7lb64v0
1,254,495,290.4974210262 /Users/kcalder/Sites/RED/endSession.php:20:c270d9u5668ffffm6jl7lb64v0
1,254,495,290.4975779057 /Users/kcalder/Sites/RED/endSession.php:27:c270d9u5668ffffm6jl7lb64v0
1,254,495,290.4979400635 /Users/kcalder/Sites/RED/endSession.php:29:c270d9u5668ffffm6jl7lb64v0:DELETE FROM session WHERE sessionUser='13'
1,254,495,290.4992020130 /Users/kcalder/Sites/RED/endSession.php:31:c270d9u5668ffffm6jl7lb64v0
1,254,495,290.4993069172 /Users/kcalder/Sites/RED/endSession.php:36:c270d9u5668ffffm6jl7lb64v0
1,254,495,290.4998168945 /Users/kcalder/Sites/RED/endSession.php:38:c270d9u5668ffffm6jl7lb64v0
1,254,495,290.5003309250 /Users/kcalder/Sites/RED/endSession.php:40:c270d9u5668ffffm6jl7lb64v0
1,254,495,290.5010468960 /Users/kcalder/Sites/RED/endSession.php:42:c270d9u5668ffffm6jl7lb64v0
 
Full endSession.php script in snippet below...

<?php 
// Force logout based on timeout setting
 
if (!isset($_SESSION)) 
{
	@file_put_contents('/Users/kcalder/Sites/RED/log/debug.log', number_format(microtime(True), 10) . ' ' . __FILE__ . ':' . __LINE__ . ':' . $_COOKIE['PHPSESSID'] . PHP_EOL, FILE_APPEND);
	session_start();
}
 
// Report all errors
error_reporting(-1);
@file_put_contents('/Users/kcalder/Sites/RED/log/debug.log', number_format(microtime(True), 10) . ' ' . __FILE__ . ':' . __LINE__ . ':' . $_COOKIE['PHPSESSID'] . PHP_EOL, FILE_APPEND);
ini_set('display_errors', 1);
@file_put_contents('/Users/kcalder/Sites/RED/log/debug.log', number_format(microtime(True), 10) . ' ' . __FILE__ . ':' . __LINE__ . ':' . $_COOKIE['PHPSESSID'] . PHP_EOL, FILE_APPEND);
 
 
// Delete the session entry in the database
@ $db = new mysqli('localhost', 'root', 'pw', 'db');
@file_put_contents('/Users/kcalder/Sites/RED/log/debug.log', number_format(microtime(True), 10) . ' ' . __FILE__ . ':' . __LINE__ . ':' . $_COOKIE['PHPSESSID'] . PHP_EOL, FILE_APPEND);
if (!$db) 
{
	die ('Could not connect to the database: '.mysql_error());
	@file_put_contents('/Users/kcalder/Sites/RED/log/debug.log', number_format(microtime(True), 10) . ' ' . __FILE__ . ':' . __LINE__ . ':' . $_COOKIE['PHPSESSID'] . PHP_EOL, FILE_APPEND);
}
$user = $_SESSION['MM_Username'];
@file_put_contents('/Users/kcalder/Sites/RED/log/debug.log', number_format(microtime(True), 10) . ' ' . __FILE__ . ':' . __LINE__ . ':' . $_COOKIE['PHPSESSID'] . PHP_EOL, FILE_APPEND);
$query = "DELETE FROM session WHERE sessionUser='$user'";
@file_put_contents('/Users/kcalder/Sites/RED/log/debug.log', number_format(microtime(True), 10) . ' ' . __FILE__ . ':' . __LINE__ . ':' . $_COOKIE['PHPSESSID'] . ':' . $query . PHP_EOL, FILE_APPEND);
$result = $db->query($query);
@file_put_contents('/Users/kcalder/Sites/RED/log/debug.log', number_format(microtime(True), 10) . ' ' . __FILE__ . ':' . __LINE__ . ':' . $_COOKIE['PHPSESSID'] . PHP_EOL, FILE_APPEND);
 
 
//to fully log out a visitor we need to clear the session variables
unset($_SESSION['MM_Username']);
@file_put_contents('/Users/kcalder/Sites/RED/log/debug.log', number_format(microtime(True), 10) . ' ' . __FILE__ . ':' . __LINE__ . ':' . $_COOKIE['PHPSESSID'] . PHP_EOL, FILE_APPEND);
unset($_SESSION['MM_UserGroup']);
@file_put_contents('/Users/kcalder/Sites/RED/log/debug.log', number_format(microtime(True), 10) . ' ' . __FILE__ . ':' . __LINE__ . ':' . $_COOKIE['PHPSESSID'] . PHP_EOL, FILE_APPEND);
unset($_SESSION['userSessionID']);
@file_put_contents('/Users/kcalder/Sites/RED/log/debug.log', number_format(microtime(True), 10) . ' ' . __FILE__ . ':' . __LINE__ . ':' . $_COOKIE['PHPSESSID'] . PHP_EOL, FILE_APPEND);
session_destroy();
@file_put_contents('/Users/kcalder/Sites/RED/log/debug.log', number_format(microtime(True), 10) . ' ' . __FILE__ . ':' . __LINE__ . ':' . $_COOKIE['PHPSESSID'] . PHP_EOL, FILE_APPEND);
 
exit;
?>

                                              

 

by: RQuadling Posted on 2009-10-02 at 07:59:14 ID: 25478547

And is sessionUser 13 valid?

User_NAME_ ? Are you called "13"?

UserID would be fine and then I'd expect the query to use a number, not a string.

Add another column to the table. The column needs to be an autoinc/identity column. No need to change your code as the db will look after it.


There must be more code dealing with adding the session and logging the entry in the DB. Can you add the file_put_contents() line to that file please?



Either way, what it comes down to is the auto logout js script is wrong.

It shouldn't be calling 2 requests.

It should only call 1.

The endSession.php script should be doing the redirect.

 

by: kcalder Posted on 2009-10-02 at 13:08:59 ID: 25481611

Er, MM_Username is actually a reference to the primary key of the user rather than a string, I need to change it to userID or something. Can you spell out for me what an autoinc column will do? The initial login is managed on the index page so I have added the debug logging to that and the results are below (not for the auto logout); not sure what it tells us.

But it's certainly a problem if the js script is wrong since the whole shooting match is based on it (and I didn't write it), and it contains a specific line for the redirect since it doesn't manage the session.

1,254,513,956.6509370804 /Users/kcalder/Sites/RED/index.php:38:ufckeq28i5v71imnn9qc21bcq0
1,254,513,965.9895958900 /Users/kcalder/Sites/RED/index.php:38:ufckeq28i5v71imnn9qc21bcq0
1,254,513,965.9898269176 /Users/kcalder/Sites/RED/index.php:51:ufckeq28i5v71imnn9qc21bcq0
1,254,513,965.9905819893 /Users/kcalder/Sites/RED/index.php:53:ufckeq28i5v71imnn9qc21bcq0
1,254,513,966.0368568897 /Users/kcalder/Sites/RED/index.php:55:ufckeq28i5v71imnn9qc21bcq0
1,254,513,966.0380160809 /Users/kcalder/Sites/RED/index.php:57:ufckeq28i5v71imnn9qc21bcq0
1,254,513,966.0385909081 /Users/kcalder/Sites/RED/index.php:59:ufckeq28i5v71imnn9qc21bcq0
1,254,513,966.0390551090 /Users/kcalder/Sites/RED/index.php:61:ufckeq28i5v71imnn9qc21bcq0
1,254,513,966.0401389599 /Users/kcalder/Sites/RED/index.php:63:ufckeq28i5v71imnn9qc21bcq0
1,254,513,966.0403740406 /Users/kcalder/Sites/RED/index.php:67:ufckeq28i5v71imnn9qc21bcq0
1,254,513,966.0442609787 /Users/kcalder/Sites/RED/index.php:70:ufckeq28i5v71imnn9qc21bcq0
1,254,513,966.0444281101 /Users/kcalder/Sites/RED/index.php:72:ufckeq28i5v71imnn9qc21bcq0
1,254,513,966.0450160503 /Users/kcalder/Sites/RED/index.php:76:ufckeq28i5v71imnn9qc21bcq0
1,254,513,966.0455410480 /Users/kcalder/Sites/RED/index.php:80:ufckeq28i5v71imnn9qc21bcq0
1,254,513,966.0460689068 /Users/kcalder/Sites/RED/index.php:82:ufckeq28i5v71imnn9qc21bcq0
1,254,513,966.0466320515 /Users/kcalder/Sites/RED/index.php:84:ufckeq28i5v71imnn9qc21bcq0
1,254,513,966.0472300053 /Users/kcalder/Sites/RED/index.php:88:ufckeq28i5v71imnn9qc21bcq0
1,254,513,966.0477559566 /Users/kcalder/Sites/RED/index.php:92:ufckeq28i5v71imnn9qc21bcq0
1,254,513,966.0498719215 /Users/kcalder/Sites/RED/index.php:102:ufckeq28i5v71imnn9qc21bcq0
1,254,513,966.0499949455 /Users/kcalder/Sites/RED/index.php:104:ufckeq28i5v71imnn9qc21bcq0
1,254,513,966.0505158901 /Users/kcalder/Sites/RED/index.php:108:ufckeq28i5v71imnn9qc21bcq0
1,254,513,966.0510690212 /Users/kcalder/Sites/RED/index.php:110:ufckeq28i5v71imnn9qc21bcq0
1,254,513,966.0516428947 /Users/kcalder/Sites/RED/index.php:112:ufckeq28i5v71imnn9qc21bcq0
1,254,513,966.0864300728 /Users/kcalder/Sites/RED/index.php:114:ufckeq28i5v71imnn9qc21bcq0
1,254,513,966.0865991116 /Users/kcalder/Sites/RED/index.php:116:ufckeq28i5v71imnn9qc21bcq0
1,254,513,966.0873539448 /Users/kcalder/Sites/RED/index.php:155:ufckeq28i5v71imnn9qc21bcq0
1,254,513,966.0902509689 /Users/kcalder/Sites/RED/index.php:157:ufckeq28i5v71imnn9qc21bcq0
1,254,513,966.0904181004 /Users/kcalder/Sites/RED/index.php:166:ufckeq28i5v71imnn9qc21bcq0
1,254,513,970.8644230366 /Users/kcalder/Sites/RED/index.php:38:ufckeq28i5v71imnn9qc21bcq0
 

 

by: RQuadling Posted on 2009-10-06 at 01:15:01 ID: 25502745

I've not abandoned you. Been busy. Will try and get something for you to look at later this evening (about 8-9 hours time).

 

by: kcalder Posted on 2009-10-06 at 04:16:07 ID: 25503722

No problem, I appreciate you making time to help me.

 

by: kcalder Posted on 2009-10-09 at 23:56:40 ID: 25541112

Hi, just wondering if you are able to press on with this?

 

by: RQuadling Posted on 2009-10-10 at 00:22:28 ID: 25541156

Hi.

First of all, sorry for not getting back earlier. Life intrudes on my EE time.

I'm trying to find the sequence of database updates.

So, strip out all the file_put_contents() lines.

But leave them in where they are next to lines dealing directly with amending the database (INSERT, UPDATE, DELETE, SELECT).

And leave one in at the very top of the file.

This will show the order in which files are accessed and the order in which the database is updated.

Do you have a live site I can look at?

All of this is pretty simple to debug with Firefox+Firebug and Wireshark. It will show you all the requests being made and the responses.



I think the problem is that the JS code is calling 2 requests at the same time. A logout AND a redirect.

I think the logout request is being killed before it starts because the redirect is kicking in too early.

The better solution is to redirect to the endSession.php script.

The endSession script does the logout and then issues a header to redirect the browser.

That way the browser only makes 1 request.

At the end of the endSession script ...

header('Location: http://www.example.com/');

sort of thing.

 

by: kcalder Posted on 2009-10-10 at 04:24:12 ID: 25541834

Hi and thanks for getting back on this again. I have a live site but since it is a commercial intranet I'll need to set you up as a user and give you a login. This information would need to be forwarded to you outside of EE, so let me know how you would like me to do that. Meanwhile, I'll sort out the files I have been logging (index.php, menu.php, endSession.php) as indicated.

 

by: RQuadling Posted on 2009-10-11 at 11:23:36 ID: 25546792

You can email me at RQuadling at this site's domain.

 

by: kcalder Posted on 2009-10-11 at 14:03:48 ID: 25547378

Thanks, you should now have received an email from me with login details.

 

by: kcalder Posted on 2009-10-13 at 03:05:35 ID: 25558325

Richard, have you been able to login?

 

by: RQuadling Posted on 2009-10-13 at 06:04:41 ID: 25559392

Again, please accept my apologies. My time on EE is purely voluntary.

 

by: kcalder Posted on 2009-10-13 at 06:37:54 ID: 25559714

Richard, I do understand. Does this mean that you are unable to continue?

 

by: RQuadling Posted on 2009-10-13 at 07:10:01 ID: 25560087

No. Just busy.

I've "Requested assistance" as I think a fresh mind may give you the answer I'm trying to get to.

 

by: Ray_Paseur Posted on 2009-10-14 at 19:10:15 ID: 25576722

I can show you how to perform a standard logout operation, eliminating the session and the session data.  If you follow this logic and it still does not work, I think you might want to hire a developer to have a look at it.  Best regards, ~Ray

<?php // RAY_logout.php
// TEACHES HOW TO ELIMINATE A PHP SESSION
error_reporting(E_ALL);
 
// DEFINITIONS
define('COOKIE_LIFE', 60*60*24); // A 24-HOUR DAY IN SECONDS ( = 86,400 )
$cookie_expires	= time() - date('Z') - COOKIE_LIFE;
 
 
// ALWAYS START THE SESSION ON EVERY PAGE
session_start();
 
// CLEAR THE INFORMATION FROM THE $_SESSION ARRAY
$_SESSION = array();
 
// IF THE SESSION IS KEPT IN COOKIE, FORCE SESSION COOKIE TO EXPIRE
if (isset($_COOKIE[session_name()]))
{
   setcookie(session_name(), '', $cookie_expires, '/');
}
 
// TELL PHP TO ELIMINATE THE SESSION
session_destroy();
 
 
 
 
 
 
// OPTIONAL - CLEAR ALL COOKIES
/*
foreach ($_COOKIE as $key => $value)
{
   setcookie($key, '', $cookie_expires, '/');
}
*/
 
// OPTIONAL - TELL CLIENT ABOUT THE LOGOUT
/*
echo "YOU ARE LOGGED OUT";
*/
 
// OPTIONAL - REDIRECT TO THE HOME PAGE
/*
header("Location: /");
exit;
*/
?>
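
Combining the two suggestions above (a single request to endSession.php that removes the database row, ends the session and then issues the redirect itself), as an added example that is not the asker's or either expert's code. The credentials, the index.php target and the integer cast of MM_Username (described in the thread as the user's primary key) are assumptions; the DELETE uses a bound parameter instead of interpolating the value into the SQL string.

```php
<?php
// endSession.php - added example, not code from this thread.
// One request does everything: delete the DB row, destroy the session, redirect.
// Assumptions: placeholder credentials; $_SESSION['MM_Username'] holds the
// numeric user key; index.php is the page to land on after logout.

// Make mysqli throw on errors instead of failing silently behind "@".
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

session_start();

$userId = isset($_SESSION['MM_Username']) ? (int) $_SESSION['MM_Username'] : null;

if ($userId !== null) {
    try {
        // new mysqli() always returns an object, so "if (!$db)" cannot detect a
        // failed connection; with the report mode above a failure throws instead.
        $db = new mysqli('localhost', 'db_user', 'db_password', 'db_name');

        // Bound parameter: the value never becomes part of the SQL text.
        $stmt = $db->prepare('DELETE FROM session WHERE sessionUser = ?');
        $stmt->bind_param('i', $userId);
        $stmt->execute();
        if ($stmt->affected_rows === 0) {
            error_log("endSession: no session row found for user $userId");
        }
        $stmt->close();
        $db->close();
    } catch (mysqli_sql_exception $e) {
        // Record the failure server-side, then still end the browser session.
        error_log('endSession: database cleanup failed: ' . $e->getMessage());
    }
}

// Clear the session data, expire the cookie using the parameters it was set
// with, then remove the server-side session.
$_SESSION = [];
if (ini_get('session.use_cookies')) {
    $p = session_get_cookie_params();
    setcookie(session_name(), '', time() - 42000,
        $p['path'], $p['domain'], $p['secure'], $p['httponly']);
}
session_destroy();

// Redirect from the server, so the browser makes exactly one request and the
// cleanup above cannot be cut short by a second, client-side navigation.
header('Location: index.php');
exit;
```

With this in place the timer script only has to navigate the browser to endSession.php; it needs no separate logout URL of its own.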

                                              

 

by: kcalder Posted on 2009-10-15 at 06:46:09 ID: 31632327

I have implemented the suggestion, eradicating the use of a "logout" url in the js file and incorporating the redirect within the endSession PHP file. Works perfectly, thanks very much!
