?
Solved

session Destroy

Posted on 2004-09-22
13
Medium Priority
?
1,990 Views
Last Modified: 2013-12-12
Hi

I have an application using php sessions, but when i try to logout the program and destroy sessions it does' not work this is my exit code

<?php session_start();
    session_unregister('first_name');
    session_unregister('user_level');
    $_SESSION=array();
    session_unset();
    session_destroy();
    include 'login_form.html';
?>
 
I receive no error but if i click back on browser ask me for refresh, after that i'm logged again

thanks

0
Comment
Question by:Alejandro_Lopez
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
  • 2
  • +2
13 Comments
 
LVL 36

Expert Comment

by:Zyloch
ID: 12128693
Hi Alejandro_Lopez,

Well, you only really need this:

<?php
session_start();
session_unset();
session_destroy();
?>

It also depends on your code for the page authenticating the login, and finally, try logging out, closing your browser, then going back to the page. See if it's still logged in.

Regards,
Zyloch
0
 
LVL 27

Expert Comment

by:Diablo84
ID: 12131873
When using $_SESSION (as opposed to the old method) you should unset session variables using the unset function (for induvidual variables) or $_SESSION = array(); to effictively reset the session data.

So in this case

<?php
  session_start();
  $_SESSION = array();
 session_destroy();
?>

is needed.

>> I receive no error but if i click back on browser ask me for refresh, after that i'm logged again

This sounds like you are resubmitting form data which is logging you in again.

There is two possibilities i can think of here, one is that it is the IE6 bug triggered by the use of session data with forms, in which case after session_start(); try adding:

header("cache-control: private");

The other is to process the login on a seperate page and use header redirects, eg. point your form to process.php

process.php will resemble the following:

<?php
//process login data as you was before
header("location: logged_in_page.php");
exit;
?>

That should prevent the need to refresh and also prevent the resubmitting of form data upon refresh.
0
 
LVL 2

Expert Comment

by:Lance_Frisbee
ID: 12170610
TRY THIS: I'VE EDITED THE CODE TO UNREGISTER TWO SESSION VARIABLES INSTEAD OF ONE HOW IT IS IN MY ORIGINAL CODE. IF THERE ARE ANY ERRORS, THAT IS THE REASON.

<?php

session_start();

//include function files for this application

require_once("functions.php");
$old_user1 = $_SESSION['first_name']; //store to test if they *were* logged in
$old_user2 = $_SESSION['user_level']; //store to test if they *were* logged in
$result_unreg1 = session_unregister("first_name");
$result_unreg2 = session_unregister("user_level");
$result_dest = session_destroy();

if (!empty($old_user1 && $old_user2))
{
     if ($result_unreg1 && $result_dest && $result_unreg2)
     {
          //if they were logged in and are now logged out
          echo "Your logout attempt was successful. You are now logged out.";
     }
     else
     {
          //they were logged in and could not be logged out
                                echo "Logout Was Unsuccessful";
     }
}
else
{
     // if they weren't logged in but came to this page somehow
     echo "You were never logged in, therefore, you weren't logged out.";
}

?>


BELOW IS MY ORIGINAL CODE ON HOW TO UNREGISTER AND DESTROY A SESSION USING ONE SESSION VARIABLE FOR A LOGIN:

<?php

session_start();

//include function files for this application

require_once("functions.php");
$old_user = $_SESSION['valid_user']; //store to test if they *were* logged in
$result_unreg = session_unregister("valid_user");
$result_dest = session_destroy();

if (!empty($old_user))
{
     if ($result_unreg && $result_dest)
     {
          //if they were logged in and are now logged out
          echo "Your logout attempt was successful. You are now logged out.";
     }
     else
     {
          //they were logged in and could not be logged out
                                echo "Logout Was Unsuccessful";
     }
}
else
{
     // if they weren't logged in but came to this page somehow
     echo "You were never logged in, therefore, you weren't logged out.";
}

?>

0
Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

 
LVL 2

Expert Comment

by:Lance_Frisbee
ID: 12170646
If you would like me to help with a way to have different access levels while only having one session variable, let me know. I have a whole login script designed especially for EE users :)

Cheers
Lance
0
 
LVL 27

Accepted Solution

by:
Diablo84 earned 2000 total points
ID: 12565487
I have just read the question again and the problem seems a little more obvious this time. The browser is trying to resubmit form data which is expected behaviour when clicking the back button and returning to a page that has had post data submitted to it (in the same instance that refreshing will have the same effect). Presumably the logout is being triggered by a button click.

The work around for this is to process data in a seperate page as i said in my original comment.

Alejandro_Lopez, if you are still around and haven't fixed this, point your form to another page, for example, process.php then in that file:

<?php
//handle the SESSION data
header("location: destination.php"); //where destination.php is the page to redirect to
exit;
?>

Once you have redirected after handling the session data the refreshing issue will no longer be a problem. If you need any more help getting this working feel free to post back.

Lance_Frisbee, i looked through you code and could not see anything that would prevent the browser effect.

My recommendation is accept Diablo84 {12131873}
0
 

Author Comment

by:Alejandro_Lopez
ID: 12566818
HI all

sorry for stay out so many time, now i'll try Diablo84 comment, i think it's right
0
 
LVL 2

Expert Comment

by:Lance_Frisbee
ID: 12568123
Accept Diablo84. Mebbe Give me like 1 point if I'm reeeeally lucky :)
0
 
LVL 20

Expert Comment

by:Venabili
ID: 12624358
Alejandro_Lopez ,

Any news?
0
 
LVL 27

Expert Comment

by:Diablo84
ID: 12753615
Hi Alejandro_Lopez, did you find time to try the code?
0
 

Author Comment

by:Alejandro_Lopez
ID: 12824769
Sorry for not taking care of this

I 'm agreee

Regards and thanks to all of you for your support
0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Foreword (July, 2015) Since I first wrote this article, years ago, a great many more people have begun using the internet.  They are coming online from every part of the globe, learning, reading, shopping and spending money at an ever-increasing ra…
Introduction This article is intended for those who are new to PHP error handling (https://www.experts-exchange.com/articles/11769/And-by-the-way-I-am-New-to-PHP.html).  It addresses one of the most common problems that plague beginning PHP develop…
Learn how to match and substitute tagged data using PHP regular expressions. Demonstrated on Windows 7, but also applies to other operating systems. Demonstrated technique applies to PHP (all versions) and Firefox, but very similar techniques will w…
The viewer will learn how to create a basic form using some HTML5 and PHP for later processing. Set up your basic HTML file. Open your form tag and set the method and action attributes.: (CODE) Set up your first few inputs one for the name and …
Suggested Courses

650 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question