Reputation: 85
I have one serious problem.
There is a little PHP system, which contains an admin panel and a customer panel. These panels must function independently of each other.
For example, if the admin logs out, the customer must stay inside, etc.
Here is my logout.php script (which is called by the logout button's JavaScript handler):
<?php
require_once("./setup/additional_functions.php");
require_once("./setup/mysql_settings.php");
session_start();

$functionName = filter_input(INPUT_GET, "functionName");
if ($functionName == "logoutAdmin") {
    initiateLogout("um_status", "users_managers", "um_id", $_SESSION['admin_id'], "admin");
} else if ($functionName == "logoutCustomer") {
    initiateLogout("customer_visit", "users_customers", "customer_id", $_SESSION['cust_id'], "../customer");
} else {
    echo "Unknown error!";
}

function initiateLogout($loginTime, $tableName, $id, $sessionName, $backPage) {
    $sqli = new sqlSettings();
    $sql = "SELECT ". $loginTime ." FROM ". $tableName ." WHERE ". $id ." = ". $sessionName;
    $result = $sqli->setConnection()->query($sql);
    $user = $result->fetch_array();
    $timestamp = $user[$loginTime] - 300;
    $sql = "UPDATE " .$tableName. " SET " .$loginTime ." = ". $timestamp. " WHERE " .$id ." = ". $sessionName;
    $result = $sqli->setConnection()->query($sql);
    $_SESSION = array();
    if (isset($_COOKIE[session_name()])) {
        setcookie(session_name(), '', time() - 50000, '/');
    }
    unset($sessionName);
    //redirect_to($backPage);
    echo "../" . $backPage;
}
?>
The data inside $_SESSION['admin_id'] and $_SESSION['customer_id'] are absolutely different! But anyway, when I hit the button (for example) on the admin side, the customer also logs out!!! It shouldn't be like this.
How can I avoid this? I will be very thankful for any help!!
Upvotes: 1
Views: 34
Reputation: 85
Well, I think my mistake was in testing the whole system on my local computer. Because if you do the same, the session is created within one browser and one PC. And it doesn't matter who you're logged in as. After I placed my system on a remote server and tested my old code from different "points", everything works perfectly.
Upvotes: 0
Reputation: 747
You don't need to be setting $_SESSION to an empty array.
You need to be setting the respective $_SESSION key to null or unsetting it.
For customers this would be unset($_SESSION['cust_id'])
and for admin this would be unset($_SESSION['admin_id'])
Your current code destroys the whole session which logs both customer and admin accounts out.
Upvotes: 1
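The per-key logout suggested in the answer above, as an added example that is not part of any post: it removes only the requested role's key from the shared session, so a second login held in the same browser survives. The table, column and session-key names are the ones from the question; `logoutRole()`, the `ROLES` map, integer ids and the optional `mysqli` handle are assumptions made for this sketch.

```php
<?php
// Added example, not the asker's code. logoutRole() and ROLES are hypothetical names.
declare(strict_types=1);

// Fixed map: the request parameter only selects an entry, it never reaches SQL.
const ROLES = [
    'logoutAdmin'    => ['key' => 'admin_id', 'table' => 'users_managers',
                         'time' => 'um_status', 'id' => 'um_id', 'back' => 'admin'],
    'logoutCustomer' => ['key' => 'cust_id', 'table' => 'users_customers',
                         'time' => 'customer_visit', 'id' => 'customer_id', 'back' => '../customer'],
];

function logoutRole(string $functionName, ?mysqli $db = null): ?string
{
    $role = ROLES[$functionName] ?? null;
    if ($role === null || !isset($_SESSION[$role['key']])) {
        return null; // unknown action, or that role is not logged in
    }
    if ($db !== null) {
        // Identifiers come from the constant map; the id is bound (assumed integer).
        $sql = "UPDATE {$role['table']} SET {$role['time']} = {$role['time']} - 300"
             . " WHERE {$role['id']} = ?";
        $stmt = $db->prepare($sql);
        $id = (int) $_SESSION[$role['key']];
        $stmt->bind_param('i', $id);
        $stmt->execute();
    }
    unset($_SESSION[$role['key']]);      // drop only this role's login
    if ($_SESSION === []) {
        session_destroy();               // no other login left in this session
    } else {
        session_regenerate_id(true);     // keep the other login under a fresh session id
    }
    return '../' . $role['back'];
}

// Constructed demo: one browser session holding both logins, no database attached.
session_start();
$_SESSION = ['admin_id' => 1, 'cust_id' => 42];
$target = logoutRole('logoutAdmin');
echo $target, PHP_EOL;
var_dump(isset($_SESSION['admin_id']), isset($_SESSION['cust_id']));
```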