php user logging out with or without AJAX

Question

My colleague and me are having a hard time trying to solve this problem. We have a special kind of webshop, because we have customers and sub-customers. If the person logged in is a sub-customer, we want to show some extra html on our page. This works, but if a sub-customer logs out, and a normal customer logs in, the extra html is still visible, but we don't understand how this is possible. The problem is also vice versa: if the first logged in is a normal user, then logs out, then a sub-customer logs in, the extra html is not visible.

1. loginck.php

//after the user types his e-mail end password, we check if its a normal user or a sub-user. If normal user then => $_SESSION['multiklant'] = 0; else sub-user then => $_SESSION['multiklant'] = 1; else $_SESSION['multiklant'] = 0; //user not found

2. index.php

if ($_SESSION['multiklant'] == 1) {
   $userid = $_SESSION['userid'];

echo "<div class='col-md-3'>";
echo "<label for='leveradres'>Leveradres*:</label><br/>";
echo "<select id='leveradres' class='form-control'>";
echo "<option value='0'>Selecteer...</option>";

$qry = "SELECT * FROM LEVERADRESSEN WHERE LA_EMAIL = '" . $_SESSION['klemail'] . "'";
$res = mysqli_query($link, $qry);
while ($row = mysqli_fetch_assoc($res)) {
echo "<option value='" . $row['LA_ID'] . "'>" . $row['LA_NAAM'] . "</option>";
}

echo "</select>";
echo "</div>"; 
}

3.1 logout click on index.php

$("#logout").click(function () {
    var lgout = $.get("logout.php");
    lgout.done(function (data) {

        $(".show-2").trigger("click");
        $("#logout").addClass("hidden");

    });
});

3.2 logout.php

<?php
    session_start();

    $_SESSION = array();
    session_unset();
    session_destroy();
    header("Location:index.php");
    exit();
?>

As you can see, we used AJAX here, but even without the problem stays. If possible we would like to keep the AJAX, but if not it can be deleted. Also a combination, where the redirect is not in de php but in the javascript part.

Could this be a caching problem? Because if we reload our browser without cache, it al works.

We are searching the internet, including this site already for 6 hours...

Code tested in Chrome on MAC and Internet Explorer 11 on Windows, gives no difference.

Answer 1

YES!

After searching a long time and trying some of your suggestions (which we are grateful for, I upvoted the most useful ones) we found the solution. It was after reading this it all came (more) clear. Index.php is our only page with content. So yes, we start a session there, but if we change the session variables afterwards via AJAX, index.php doesn't track those changes.

This is why we tried to refresh the page after logging out, so the sessions variables would be refreshed to. That didn't work. It was until we did also a refresh after logging in also, it al worked, although with some page refresh for the users.

So we put those blocks of code in separate php files and check when needed with AJAX

This is our solution:

1. When the user logs in:

$("#blockleveradressen").load("leveradressen.php");

var testmultiklant = $.get("testmultiklant.php");

testmultiklant.done(function (data){

    if(data == 3){
        $("#een").removeClass().addClass("col-md-3");
        $("#twee").removeClass().addClass("col-md-3");
        $("#drie").removeClass().addClass("col-md-3");
    }else {
        $("#een").removeClass().addClass("col-md-4");
        $("#twee").removeClass().addClass("col-md-4");
        $("#drie").removeClass().addClass("col-md-4");
    }
});

2. leveradressen.php

include "include/session.php";
include "include/MyConnect.php";


if ($_SESSION['multiklant'] == 1) {

    $userid = $_SESSION['userid'];


    echo "<div class='col-md-3'>";
    echo "<label for='leveradres'>Leveradres*:</label><br/>";
    echo "<select id='leveradres' class='form-control'>";
    echo "<option value='0'>Selecteer...</option>";

    $qry = "SELECT * FROM LEVERADRESSEN WHERE LA_EMAIL = '" . $_SESSION['klemail'] . "'";
    $res = mysqli_query($link, $qry);
    while ($row = mysqli_fetch_assoc($res)) {
        echo "<option value='" . $row['LA_ID'] . "'>" . $row['LA_NAAM'] . "</option>";
    }

    echo "</select>";
    echo "</div>";

}

3. testmultiklant.php

include "include/session.php";

if ($_SESSION['multiklant'] == 1) {
    echo 3;
} else
{
    echo 4;
}

4. index.php

<div id="blockleveradressen">

</div>

<div id="een" class="col-md-4">
    <label for="datepicker">Leveringsdatum*:</label><br/>
    <input type="text" id="datepicker" readonly="readonly"/>
    <input type="hidden" id="datepickerAlt" readonly="readonly" visible="false">
</div>
<div id="twee" class="col-md-4">
    <label for="timepicker">Leveringstijdstip*:</label><br/>
    <input type="text" id="timepicker" class="time"/>
</div>
<div id="drie" class="col-md-4">
    <label for="betaalMethode">Betaalmethode*:</label><br/>
    <select id="betaalMethode" class="form-control">
        <option value="Overschrijving">Overschrijving</option>
        <option value="Visa">Visa</option>
        <option value="Cash">Cash</option>
    </select>
</div>

Just need to clean up the code, but this works. Just learned another lesson: single-paged websites and php (session more specific) are not best friends :-)

Answer 2

Your logout does a header location with exit. In other words: is the $.get('logout.php') done?

Why do you do a redirect serverside? So full page and scripts will be reloaded! And you're waiting for 'done'. Do this:

• remove the lines with header and exit from logout.php

After the session is destroyed, the page is ready and the .done callback will be executed.

Answer 3

Look at response header after logout and check "cache-control". I think problem in cache.