Not able to log out

Question

I work on a tool where the logout functionality is no working. I have an index page, where I include the config file with the session_start().

After, I include a page where I have my banner and my logon and logoff button. When I click on one of these button I go on another page connec.php, I destroy or create the connection.

The connection is okay, I initialize all my session variables. For the disconnection I do:

if(isset($_POST['logout'])){
    $_SESSION = array ();
    session_unset();
    session_destroy();
    $_POST['logout']=1; 
    //gotopage($GLOBALS["GLOBAL_URL_PSISITE"]);
    header("Location: ../index.php"); 

I'm still connected, and when I do print_r($_SESSION) always exist.

Answer 1

In order to correctly "destroy" a running session, you must first tell PHP which session you are trying to kill.

In the case of your session not having a custom/manual name (most cases), you must FIRST call

session_start();

before you can call

session_destroy();

... So:

<?php session_start(); session_destroy(); ?>

Answer 2

You'll want something like this in your file

<?php
session_start();

if (isset($_POST['logout'])) {

    $_SESSION = array();

    if (ini_get("session.use_cookies")) {
        setcookie(session_name(), '', time() - 42000, '/');
    }

    session_destroy();

    //$_POST['logout']=1;  // this won't do anything since you're redirecting on the next line.

    header("Location: ../index.php");
    exit;

}
?>

Answer 3

First of all be sure that the page has session_start() defined at the very top, before you do anything on the page, secondly make sure your input field is wrapped around form element and your submit button has name=logout and your form is set to method=post

<form method="post" action="your_logout_script_page.php">
  <input type="submit" name="logout" />
</form>