Solved

PHP Session Delete

Posted on 2016-08-15
3
71 Views
Last Modified: 2016-08-15
I am using the below code on my log out page.

<?php
session_start();
session_destroy();
?>

Open in new window


It does work and when I visit pages that require a login it doesn't allow me in which is good, but when I go to view my view my browser cookies I still see a "PHPSESSID" cookie. Why is this? Why doesn't this session cookie get deleted from my browser?

I have also output the session and it is empty.

print_r($_SESSION);

Open in new window


So overall it is working. Just curious why the actual cookie does not get removed from my browser. My browser is chrome if that makes any difference.
0
Comment
Question by:petewinter
3 Comments
 
LVL 56

Assisted Solution

by:Julian Hansen
Julian Hansen earned 150 total points
ID: 41756188
Refer to the docs on session_destroy
http://php.net/manual/en/function.session-destroy.php
session_destroy() destroys all of the data associated with the current session. It does not unset any of the global variables associated with the session, or unset the session cookie. To use the session variables again, session_start() has to be called.

In order to kill the session altogether, like to log the user out, the session id must also be unset. If a cookie is used to propagate the session id (default behavior), then the session cookie must be deleted. setcookie() may be used for that.
Refer second paragraph above.
0
 
LVL 110

Accepted Solution

by:
Ray Paseur earned 350 total points
ID: 41756195
This article describes the correct process for handling "login" and "logout".  You have to remove the array of session data and the session cookie yourself; it's not an automatic part of session_destroy() although PHP should have been built that way in the beginning!
https://www.experts-exchange.com/articles/2391/PHP-Client-Registration-Login-Logout-and-Easy-Access-Control.html
<?php // RAY_EE_logout.php
require_once('RAY_EE_config.php');

// GRAB THE UID OR A CONSTANT FOR THE GOODBYE MESSAGE
$uid = (isset($_SESSION["uid"])) ? ', ' . $_SESSION["uid"] : ' NOW';

// IF THE "REMEMBER ME" COOKIE IS SET, FORCE IT TO EXPIRE
$cookie_expires = time() - date('Z') - REMEMBER;
if (isset($_COOKIE["uuk"]))
{
   setcookie("uuk", '', $cookie_expires, '/');
}

// CLEAR THE INFORMATION FROM THE $_SESSION ARRAY
$_SESSION = array();

// IF THE SESSION IS KEPT IN COOKIE, FORCE SESSION COOKIE TO EXPIRE
if (isset($_COOKIE[session_name()]))
{
   setcookie(session_name(), '', $cookie_expires, '/');
}

// TELL PHP TO ELIMINATE THE SESSION
session_destroy();
session_write_close();

// SAY GOODBYE...
echo "YOU ARE LOGGED OUT$uid.  GOODBYE.";

// OR REMOVE THE GOODBYE MESSAGE AND ACTIVATE THESE LINES TO REDIRECT TO THE HOME PAGE
// header("Location: /");
// exit;

Open in new window

These references may be helpful, too.
https://www.experts-exchange.com/articles/11271/Understanding-Client-Server-Protocols-and-Web-Applications.html
https://www.experts-exchange.com/articles/11909/PHP-Sessions-Simpler-Than-You-May-Think.html
0
 

Author Closing Comment

by:petewinter
ID: 41756308
Many thanks
0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Deprecated and Headed for the Dustbin By now, you have probably heard that some PHP features, while convenient, can also cause PHP security problems.  This article discusses one of those, called register_globals.  It is a thing you do not want.  …
Nothing in an HTTP request can be trusted, including HTTP headers and form data.  A form token is a tool that can be used to guard against request forgeries (CSRF).  This article shows an improved approach to form tokens, making it more difficult to…
The viewer will learn how to create and use a small PHP class to apply a watermark to an image. This video shows the viewer the setup for the PHP watermark as well as important coding language. Continue to Part 2 to learn the core code used in creat…
The viewer will learn how to create a basic form using some HTML5 and PHP for later processing. Set up your basic HTML file. Open your form tag and set the method and action attributes.: (CODE) Set up your first few inputs one for the name and …

680 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question