Amandeep Singh

Reputation: 307

My Session reappears In PHP even after destroy

I have a login web page where the user logs in. The page is then redirected to an interim page, loginvalidate.php. This page saves the user data in the session and forwards the request to the index.php page, which shows some user data and also has a logout button which is redirected to login.php.

In short,

login.php   - For user to enter username and password
loginvalidate.php  - Session values are initialized
index.php   - Dashboard page with logout button

Here are my pages:

login.php

<!DOCTYPE html>
<?php

//session_unset();
session_destroy();
$_SESSION = array();

$authError='false';
if($_GET['AuthCheck']=='failed'){
        $authError='true';
}
if($_GET['Expired']=='true'){
        $sessionexpire='true';
}

//print_r ($_SESSION);
foreach($_SESSION as $key => $val)
{
      unset($_SESSION[$key]);
}

//unset($_SESSION["InfraUser"]);
//unset($_SESSION["InfraPassword"]);
$_SESSION["InfraUser"]='';
$_SESSION["InfraPassword"]='';

$_SESSION = NULL;
print_r($_SESSION);

?>

<html >
  <head>
    <meta charset="UTF-8">
    <title>One click Infra</title>
        <link rel="stylesheet" href="loginstyle/css/style.css">
  </head>
  <body>
    <html>
<html>

<head>

  <meta charset="UTF-8">

  <title>Login Form</title>
<script src="loginstyle/js/prefixfree.min.js"></script>

</head>

<body>

  <div id="logo">
  <h1><i> One Click Infra</i></h1>
</div>
<section class="stark-login">

  <form action="loginvalidate.php" method="post">
        <?php if($authError=='true'){ ?>
                <div id="fade-box">
                        <p>Authentication Failed. Please Login Again</p>
                </div>
        <?php }
              else if ($sessionexpire=='true'){ ?>
                <div id="fade-box">
                        <p>Session Expired. Please Login Again</p>
                </div>
        <?php }?>


    <div id="fade-box">
                <input type="text" name="username" class="form-control" placeholder="Username" required="" />
                <input type="password" name="userpassword" class="form-control" placeholder="Password" required="" />
                <div hidden>
                        <input type="text" name="authorize" class="form-control" placeholder="Authorize" value="on"/>
                </div>
          <button>Log In</button>
        </div>
      </form>
      <div class="hexagons">
                 <img src="http://i34.photobucket.com/albums/d133/RavenLionheart/NX-Desktop-BG.png" height="768px" width="1366px"/>
              </div>
            </section>
            <div id="circle1">
              <div id="inner-cirlce1">
                <h2> </h2>
              </div>
            </div>
            <ul>
              <li></li>
              <li></li>
              <li></li>
              <li></li>
              <li></li>
            </ul>
  <script src='http://codepen.io/assets/libs/fullpage/jquery.js'></script>
  <script src="loginstyle/js/index.js"></script>
</body>
</html>
        <script src="loginstyle/js/index.js"></script>
  </body>
</html>

loginvalidate.php

<?php

session_start();
$User = $_POST["username"];
$Password = $_POST["userpassword"];

include('/opt/lampp/htdocs/oneclickinfra/Net/SSH2.php');
$ssh = new Net_SSH2('10.41.66.73');
if (!$ssh->login('centos', 'centos')) {
        exit('OCI Server Is Down. Please send mail to [email protected]');
}


/////////////////////////////////////////////////////////////////////////////////////////////
if ($_POST['authorize']){
        $command0 = 'curl --request POST "http://gitlab.snapdeal.com/api/v3/session?login='.$User.'&password='.$Password.'"';
        $req_data0 = $ssh->exec($command0);
        if (strpos($req_data0,'Unauthorized')!==false){
                header("Location: login.php?AuthCheck=failed");
        }
        else{
                $_SESSION["InfraUser"] = $User;
                $_SESSION["InfraPassword"] = $Password;
                print 'Data here is: '.$_SESSION["InfraUser"].' and '.$_SESSION["InfraPassword"];
                //sleep(10);
                header("Location: index.php");
        }
}
////////////////////////////////////////////////////////////////////////////////////////////
?>

Some Part of index.php:

<?php
    session_start();

    $User = '';
    $Password = '';

    print_r($_SESSION);

    if(!isset($_SESSION['InfraUser'])){
    //if($_SESSION['InfraUser']===''){
            header("Location: login.php?AuthCheck=failed");
    }
    else{
            $User = $_SESSION["InfraUser"];
            $Password = $_SESSION["InfraPassword"];
    }

    //////////////////////////////////// Maintains Session Only for 30 Minutes ///////////////////////
    if (isset($_SESSION['LAST_ACTIVITY']) && (time() - $_SESSION['LAST_ACTIVITY'] > 3600)) {
            // last request was more than 30 minutes ago
            //session_unset();     // unset $_SESSION variable for the run-time
            //session_destroy();   // destroy session data in storage
            header("Location: login.php?Expired=true");
    }
    $_SESSION['LAST_ACTIVITY'] = time(); // update last activity time stamp
    //////////////////////////////////////////////////////////////////////////////////////////////////

    $chefApiFetchAuthCheck = $_GET["chefApiFlavorFetchAuthenticationError"];

The problem is that when I press logout, it is redirected to the login.php page, which is clearing all the session variables, as I do not get any data by printing the session array on the login.php page. But when I directly enter the site on index.php, I still get my user session values.

Please help as I want to redirect the user to loginPage if the user directly enters the index.php after logout is hit.

Upvotes: 0

Views: 149

Answers (2)

Xorifelse

Reputation: 7911

You should die() after header("Location: login.php?Expired=true"); because $_SESSION['LAST_ACTIVITY'] is still being set even when you're being redirected.

For the error you're getting, one can only destroy an existing running session. But it seems @avenged_badger beat me to that punchline.

Upvotes: 2

avenged_badger

Reputation: 113

You need to call session_start() in the beginning of login.php. That's why you don't see the $_SESSION variables and why they aren't being reset.

Upvotes: 2
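
The two fixes from the answers above (resume the session before destroying it, and stop the script after a redirect), combined in an added example that is not from the original posts. The function names and the 1800-second idle limit are assumptions; the `InfraUser` and `LAST_ACTIVITY` keys and the redirect URLs are taken from the question.

```php
<?php
// Added example; function names and the 1800 s limit are assumptions.

/** End the session: in-memory data, session cookie and stored data. */
function logout_session(): void
{
    // session_destroy() only acts on a running session, so resume it first.
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    $_SESSION = [];

    // Expire the cookie so the browser stops presenting the old session ID.
    if (ini_get('session.use_cookies')) {
        $p = session_get_cookie_params();
        setcookie(session_name(), '', time() - 42000,
            $p['path'], $p['domain'], $p['secure'], $p['httponly']);
    }
    session_destroy();
}

/** Send the redirect and stop, so no later line can touch $_SESSION. */
function redirect_and_exit(string $url): void
{
    header('Location: ' . $url);
    exit;
}

/** Guard for protected pages such as index.php. */
function require_login(int $idleLimit = 1800): void
{
    session_start();
    if (!isset($_SESSION['InfraUser'])) {
        redirect_and_exit('login.php?AuthCheck=failed');
    }
    // Idle timeout: compare against the last request, then refresh the stamp.
    $last = $_SESSION['LAST_ACTIVITY'] ?? time();
    if (time() - $last > $idleLimit) {
        logout_session();
        redirect_and_exit('login.php?Expired=true');
    }
    $_SESSION['LAST_ACTIVITY'] = time();
}
```

Call `logout_session()` at the very top of login.php and `require_login()` at the top of index.php, before any output such as the `<!DOCTYPE html>` line, because both need to send headers.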
