Solved

PHP Session Delete

Posted on 2016-08-15
3
47 Views
Last Modified: 2016-08-15
I am using the below code on my log out page.

<?php
session_start();
session_destroy();
?>

Open in new window


It does work and when I visit pages that require a login it doesn't allow me in which is good, but when I go to view my view my browser cookies I still see a "PHPSESSID" cookie. Why is this? Why doesn't this session cookie get deleted from my browser?

I have also output the session and it is empty.

print_r($_SESSION);

Open in new window


So overall it is working. Just curious why the actual cookie does not get removed from my browser. My browser is chrome if that makes any difference.
0
Comment
Question by:petewinter
3 Comments
 
LVL 52

Assisted Solution

by:Julian Hansen
Julian Hansen earned 150 total points
ID: 41756188
Refer to the docs on session_destroy
http://php.net/manual/en/function.session-destroy.php
session_destroy() destroys all of the data associated with the current session. It does not unset any of the global variables associated with the session, or unset the session cookie. To use the session variables again, session_start() has to be called.

In order to kill the session altogether, like to log the user out, the session id must also be unset. If a cookie is used to propagate the session id (default behavior), then the session cookie must be deleted. setcookie() may be used for that.
Refer second paragraph above.
0
 
LVL 108

Accepted Solution

by:
Ray Paseur earned 350 total points
ID: 41756195
This article describes the correct process for handling "login" and "logout".  You have to remove the array of session data and the session cookie yourself; it's not an automatic part of session_destroy() although PHP should have been built that way in the beginning!
https://www.experts-exchange.com/articles/2391/PHP-Client-Registration-Login-Logout-and-Easy-Access-Control.html
<?php // RAY_EE_logout.php
require_once('RAY_EE_config.php');

// GRAB THE UID OR A CONSTANT FOR THE GOODBYE MESSAGE
$uid = (isset($_SESSION["uid"])) ? ', ' . $_SESSION["uid"] : ' NOW';

// IF THE "REMEMBER ME" COOKIE IS SET, FORCE IT TO EXPIRE
$cookie_expires = time() - date('Z') - REMEMBER;
if (isset($_COOKIE["uuk"]))
{
   setcookie("uuk", '', $cookie_expires, '/');
}

// CLEAR THE INFORMATION FROM THE $_SESSION ARRAY
$_SESSION = array();

// IF THE SESSION IS KEPT IN COOKIE, FORCE SESSION COOKIE TO EXPIRE
if (isset($_COOKIE[session_name()]))
{
   setcookie(session_name(), '', $cookie_expires, '/');
}

// TELL PHP TO ELIMINATE THE SESSION
session_destroy();
session_write_close();

// SAY GOODBYE...
echo "YOU ARE LOGGED OUT$uid.  GOODBYE.";

// OR REMOVE THE GOODBYE MESSAGE AND ACTIVATE THESE LINES TO REDIRECT TO THE HOME PAGE
// header("Location: /");
// exit;

Open in new window

These references may be helpful, too.
https://www.experts-exchange.com/articles/11271/Understanding-Client-Server-Protocols-and-Web-Applications.html
https://www.experts-exchange.com/articles/11909/PHP-Sessions-Simpler-Than-You-May-Think.html
0
 

Author Closing Comment

by:petewinter
ID: 41756308
Many thanks
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

These days socially coordinated efforts have turned into a critical requirement for enterprises.
Password hashing is better than message digests or encryption, and you should be using it instead of message digests or encryption.  Find out why and how in this article, which supplements the original article on PHP Client Registration, Login, Logo…
This tutorial will teach you the core code needed to finalize the addition of a watermark to your image. The viewer will use a small PHP class to learn and create a watermark.
The viewer will learn how to create a basic form using some HTML5 and PHP for later processing. Set up your basic HTML file. Open your form tag and set the method and action attributes.: (CODE) Set up your first few inputs one for the name and …

920 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

15 Experts available now in Live!

Get 1:1 Help Now