CODEWITHSUNDEEP
php
somdow
somdow

Reputation: 6318

PHP ending sessions(different ways) i dont understand

I'm trying to understand sessions and how some of the functions to end them work. I've gone to different sites/and even here on SO and, well essentially, nothing is working.

I have an app I'm trying to work on and when the user logs in, I store the username like so (not going to paste the whole code but you get the idea)

if($row == 1){
    session_start();
    $_SESSION['usrname'] = $login_usrname;
    $_SESSION['usrpass'] = $login_usrpass;
    header("Location:index.php");
    exit;
}

On the index page of said app I have a check like so

session_start();
if(!isset($_SESSION['usrname']) && !isset($_SESSION['usrpass'])){ 
    header("Location:login-acc.php");
    exit;
}

And it lets them in. I check the cookies in firefoxes web dev tools and I see it being generated so I'm going to say "its working" so far.

Now when I want to log out, Long story short I have a logout link that takes them to a page that's supposed to clear all session data and redirect them to the login page. When I'm testing the app and I click the logout link, I get redirected to the login page but when i go back and click the "index page" link. it lets me right in.

In the logout file, trying to FORCE the issue in overkill lol, I have this and nothing seems to work.

unset($_SESSION['usrname']);
unset($_SESSION['usrpass']);

session_unset();

$_SESSION = array();
session_destroy();

setcookie('PHPSESSID', '', time()-3600,'/', '', 0, 0);

header("Location:login-acc.php");
exit;

It redirects me to the login page but again, when I manually go to index page it lets me right in. Or after being redirected to the login page, I hit the "back" button and lets me right in as well.

If I then go into FF Web developer tools app and delete all cookies etc, and navigate to the index page, then it locks me out.

As you can see above ive tried multiple things and in the end, I threw them all together which should do something. My question is since I've put in ALL those functions to try and delete/unset/remove in general the session, what else can I do? I'm a bit lost as to how its supposed to work.

Can someone steer me in the right direction?

Upvotes: 4

Views: 188

Answers (2)

MKH
MKH

Reputation: 56

You have to start a session in order to end a session. I recommend taking a look at... http://php.about.com/od/advancedphp/ss/php_sessions_3.htm

// you have to open the session to be able to modify or remove it 
session_start(); 

// to change a variable, just overwrite it 
$_SESSION['size']='large'; 

//you can remove a single variable in the session 
unset($_SESSION['shape']); 

// or this would remove all the variables in the session, but not the session itself 
session_unset(); 

// this would destroy the session variables 
session_destroy();

Upvotes: 1

jszobody
jszobody

Reputation: 28941

You are missing a session_start() at the top of your logout page. It's trying to modify a session that doesn't exist!

Upvotes: 2

Related Questions