Alejandro_Lopez
asked on
session Destroy
Hi
I have an application using php sessions, but when i try to logout the program and destroy sessions it does' not work this is my exit code
<?php session_start();
session_unregister('first_ name');
session_unregister('user_l evel');
$_SESSION=array();
session_unset();
session_destroy();
include 'login_form.html';
?>
I receive no error but if i click back on browser ask me for refresh, after that i'm logged again
thanks
I have an application using php sessions, but when i try to logout the program and destroy sessions it does' not work this is my exit code
<?php session_start();
session_unregister('first_
session_unregister('user_l
$_SESSION=array();
session_unset();
session_destroy();
include 'login_form.html';
?>
I receive no error but if i click back on browser ask me for refresh, after that i'm logged again
thanks
When using $_SESSION (as opposed to the old method) you should unset session variables using the unset function (for induvidual variables) or $_SESSION = array(); to effictively reset the session data.
So in this case
<?php
session_start();
$_SESSION = array();
session_destroy();
?>
is needed.
>> I receive no error but if i click back on browser ask me for refresh, after that i'm logged again
This sounds like you are resubmitting form data which is logging you in again.
There is two possibilities i can think of here, one is that it is the IE6 bug triggered by the use of session data with forms, in which case after session_start(); try adding:
header("cache-control: private");
The other is to process the login on a seperate page and use header redirects, eg. point your form to process.php
process.php will resemble the following:
<?php
//process login data as you was before
header("location: logged_in_page.php");
exit;
?>
That should prevent the need to refresh and also prevent the resubmitting of form data upon refresh.
So in this case
<?php
session_start();
$_SESSION = array();
session_destroy();
?>
is needed.
>> I receive no error but if i click back on browser ask me for refresh, after that i'm logged again
This sounds like you are resubmitting form data which is logging you in again.
There is two possibilities i can think of here, one is that it is the IE6 bug triggered by the use of session data with forms, in which case after session_start(); try adding:
header("cache-control: private");
The other is to process the login on a seperate page and use header redirects, eg. point your form to process.php
process.php will resemble the following:
<?php
//process login data as you was before
header("location: logged_in_page.php");
exit;
?>
That should prevent the need to refresh and also prevent the resubmitting of form data upon refresh.
TRY THIS: I'VE EDITED THE CODE TO UNREGISTER TWO SESSION VARIABLES INSTEAD OF ONE HOW IT IS IN MY ORIGINAL CODE. IF THERE ARE ANY ERRORS, THAT IS THE REASON.
<?php
session_start();
//include function files for this application
require_once("functions.ph p");
$old_user1 = $_SESSION['first_name']; //store to test if they *were* logged in
$old_user2 = $_SESSION['user_level']; //store to test if they *were* logged in
$result_unreg1 = session_unregister("first_ name");
$result_unreg2 = session_unregister("user_l evel");
$result_dest = session_destroy();
if (!empty($old_user1 && $old_user2))
{
if ($result_unreg1 && $result_dest && $result_unreg2)
{
//if they were logged in and are now logged out
echo "Your logout attempt was successful. You are now logged out.";
}
else
{
//they were logged in and could not be logged out
echo "Logout Was Unsuccessful";
}
}
else
{
// if they weren't logged in but came to this page somehow
echo "You were never logged in, therefore, you weren't logged out.";
}
?>
BELOW IS MY ORIGINAL CODE ON HOW TO UNREGISTER AND DESTROY A SESSION USING ONE SESSION VARIABLE FOR A LOGIN:
<?php
session_start();
//include function files for this application
require_once("functions.ph p");
$old_user = $_SESSION['valid_user']; //store to test if they *were* logged in
$result_unreg = session_unregister("valid_ user");
$result_dest = session_destroy();
if (!empty($old_user))
{
if ($result_unreg && $result_dest)
{
//if they were logged in and are now logged out
echo "Your logout attempt was successful. You are now logged out.";
}
else
{
//they were logged in and could not be logged out
echo "Logout Was Unsuccessful";
}
}
else
{
// if they weren't logged in but came to this page somehow
echo "You were never logged in, therefore, you weren't logged out.";
}
?>
<?php
session_start();
//include function files for this application
require_once("functions.ph
$old_user1 = $_SESSION['first_name']; //store to test if they *were* logged in
$old_user2 = $_SESSION['user_level']; //store to test if they *were* logged in
$result_unreg1 = session_unregister("first_
$result_unreg2 = session_unregister("user_l
$result_dest = session_destroy();
if (!empty($old_user1 && $old_user2))
{
if ($result_unreg1 && $result_dest && $result_unreg2)
{
//if they were logged in and are now logged out
echo "Your logout attempt was successful. You are now logged out.";
}
else
{
//they were logged in and could not be logged out
echo "Logout Was Unsuccessful";
}
}
else
{
// if they weren't logged in but came to this page somehow
echo "You were never logged in, therefore, you weren't logged out.";
}
?>
BELOW IS MY ORIGINAL CODE ON HOW TO UNREGISTER AND DESTROY A SESSION USING ONE SESSION VARIABLE FOR A LOGIN:
<?php
session_start();
//include function files for this application
require_once("functions.ph
$old_user = $_SESSION['valid_user']; //store to test if they *were* logged in
$result_unreg = session_unregister("valid_
$result_dest = session_destroy();
if (!empty($old_user))
{
if ($result_unreg && $result_dest)
{
//if they were logged in and are now logged out
echo "Your logout attempt was successful. You are now logged out.";
}
else
{
//they were logged in and could not be logged out
echo "Logout Was Unsuccessful";
}
}
else
{
// if they weren't logged in but came to this page somehow
echo "You were never logged in, therefore, you weren't logged out.";
}
?>
If you would like me to help with a way to have different access levels while only having one session variable, let me know. I have a whole login script designed especially for EE users :)
Cheers
Lance
Cheers
Lance
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
HI all
sorry for stay out so many time, now i'll try Diablo84 comment, i think it's right
sorry for stay out so many time, now i'll try Diablo84 comment, i think it's right
Accept Diablo84. Mebbe Give me like 1 point if I'm reeeeally lucky :)
Alejandro_Lopez ,
Any news?
Any news?
Hi Alejandro_Lopez, did you find time to try the code?
ASKER
Sorry for not taking care of this
I 'm agreee
Regards and thanks to all of you for your support
I 'm agreee
Regards and thanks to all of you for your support
Well, you only really need this:
<?php
session_start();
session_unset();
session_destroy();
?>
It also depends on your code for the page authenticating the login, and finally, try logging out, closing your browser, then going back to the page. See if it's still logged in.
Regards,
Zyloch