CODEWITHSUNDEEP
phpcookies
user2587194
user2587194

Reputation: 11

ending PHPSESSID cookie sessions

I am having dificulty ending the session cookie. whenever i login and logout, the browser still shows the "PHPSESSID".

Below is the web address for the php files that I used to build . I have tried on both "Chrome and Firefox" and still same problem. I do know it is a big ask for help, but I would appriciate it vey much.

The files are in the source folder with following files. fg-membersite.php membersite_config.php

https://github.com/simfatic/RegistrationForm/tree/master/source

Upvotes: 1

Views: 10555

Answers (5)

Mahdi Younesi
Mahdi Younesi

Reputation: 7509

You can easily do that in client-side using script below.
(You might need to change value of path and host)

document.cookie = "PHPSESSID=; expires=Thu, 01 Jan 1970 00:00:00 UTC;path=/;host=localhost";

Upvotes: 0

masdhona
masdhona

Reputation: 1

Sorry low quality answer from my previous

Upvotes: 0

x29a
x29a

Reputation: 1781

  1. The files are in the "include" folder within the "source" folder

  2. The PHPSESSID does not necessarily have something todo with login/logout, its just there to handle the session.

As you can see here (https://github.com/simfatic/RegistrationForm/blob/master/source/include/fg_membersite.php, starting at line 172):

function LogOut()
{
    session_start();        
    $sessionvar = $this->GetLoginSessionVar();        
    $_SESSION[$sessionvar]=NULL;        
    unset($_SESSION[$sessionvar]);
}

This code does not destroy the session but simply unsets a variable in the $_SESSION array. You could use

https://www.php.net/manual/en/function.session-unset.php

followed by

https://www.php.net/manual/en/function.session-destroy.php

for that or simply check if $_SESSION[$sessionvar] is set and contains valid information to see if the user is logged in. This way you preserve the session which might hold other valuable information.

Upvotes: 0

Sethunath K M
Sethunath K M

Reputation: 4761

You must unset the session cookie in https://github.com/simfatic/RegistrationForm/blob/master/source/include/fg_membersite.php , function Logout

You can do it like this 

<?php
// Initialize the session.
// If you are using session_name("something"), don't forget it now!
session_start();

// Unset all of the session variables.
$_SESSION = array();

// If it's desired to kill the session, also delete the session cookie.
// Note: This will destroy the session, and not just the session data!
if (ini_get("session.use_cookies")) {
    $params = session_get_cookie_params();
    setcookie(session_name(), '', time() - 42000,
        $params["path"], $params["domain"],
        $params["secure"], $params["httponly"]
    );
}

// Finally, destroy the session.
session_destroy();
?>

Code example taken from http://php.net/manual/en/function.session-destroy.php . You can find more information in php.net

Upvotes: 4

Viraths
Viraths

Reputation: 950

try following in your logout function

session_unset();
session_destroy();

Upvotes: 0

Related Questions