Reputation: 9293
index.php
<?php
session_start();
if (!(isset($_SESSION['admin']))) {
    header('Location: login.php');
    exit; // stop executing index.php once the redirect header is set
}
I want to redirect a user if they're not logged in.
After login (without remember me), I turn off the browser (Chrome) and turn it on again.
All sessions should be removed, so I expect a redirection to login.php, but it doesn't work (index.php is loaded).
Upvotes: 2
Views: 57
Reputation: 64409
If you see a session as "a browser session", then this is surprising behaviour. But this is not the case.
A session is a session as defined by the server. To remember that this is that same user, it saves the session as a cookie. From the point of view of the server, it doesn't really matter if you close your browser, shut down your computer, or drink a cup of coffee: you are still that same, unique, person, so your session should be the same.
As long as your cookies are saved AND are not too old, it's all the same session. You could, from the user side, try to instruct your client to stop this, for instance on a shared account: have the browser remove all cookies on exit or use different profiles (this at least is possible in Chrome).
So the expected behaviour is that as long as the cookie is valid, the session is the same. Cookie validity (or actually: removal) CAN be tied to closing your browser, but most of the time it isn't. I am not sure it is even possible to directly detect if a browser was closed, so it's hard if not impossible to force your described behaviour from the server side.
edit: a quick addition from the manual:
Session support in PHP consists of a way to preserve certain data across subsequent accesses. This enables you to build more customized applications and increase the appeal of your web site. All information is in the Session reference section.
It talks about "subsequent accesses", which is quite broad.
Upvotes: 1
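Because the session cookie can outlive a browser restart, the server can bound the session itself with an idle timeout and an absolute timeout. The following is an added example, not code from any of the posts; 'admin' and login.php come from the question, while the limits and the 'created' and 'last_seen' keys are assumptions.

```php
<?php
// Added example, not code from the thread. 'admin' and login.php come from
// the question; the limits and the 'created'/'last_seen' keys are assumptions.
const IDLE_LIMIT = 900;       // seconds allowed between requests (assumed)
const ABSOLUTE_LIMIT = 28800; // maximum age of a login in seconds (assumed)

// Call from login.php after session_start() and credential verification.
function mark_logged_in(): void
{
    session_regenerate_id(true);          // new session id for the authenticated session
    $_SESSION['admin'] = true;
    $_SESSION['created'] = $_SESSION['last_seen'] = time();
}

// Pure check: is the session data still inside both limits at time $now?
function session_is_fresh(array $s, int $now): bool
{
    if (!isset($s['admin'], $s['created'], $s['last_seen'])) {
        return false;                     // not logged in, or timestamps missing
    }
    return ($now - $s['last_seen']) <= IDLE_LIMIT
        && ($now - $s['created']) <= ABSOLUTE_LIMIT;
}

// Call at the top of every protected page such as index.php.
function require_login(): void
{
    session_start();
    if (!session_is_fresh($_SESSION, time())) {
        $_SESSION = [];                   // session_destroy() does not clear this array
        session_destroy();                // delete the server-side session data
        header('Location: login.php');
        exit;                             // stop before any protected output is sent
    }
    $_SESSION['last_seen'] = time();      // sliding idle window
}

if (PHP_SAPI === 'cli') {                 // constructed sample sessions, no web server needed
    $now = 1700000000;
    $samples = [
        'active'    => ['admin' => true, 'created' => $now - 600, 'last_seen' => $now - 60],
        'idle'      => ['admin' => true, 'created' => $now - 7200, 'last_seen' => $now - 3600],
        'too old'   => ['admin' => true, 'created' => $now - 90000, 'last_seen' => $now - 10],
        'anonymous' => [],
    ];
    foreach ($samples as $label => $s) {
        printf("%-10s %s\n", $label, session_is_fresh($s, $now) ? 'allow' : 'redirect');
    }
}
```

With this in place, a cookie that the browser restores after a restart is only honoured while the server-side timestamps are still within both limits.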
Reputation: 2091
You need to use the session destroy function and then check. See the code below:
session_destroy();
if (!(isset($_SESSION['admin']))) {
    header('Location: login.php');
    exit; // stop the script once the redirect header is set
}
Or an alternative is to use the unset function and then check:
unset($_SESSION['admin']);
if (!(isset($_SESSION['admin']))) {
    header('Location: login.php');
    exit; // stop the script once the redirect header is set
}
Well, to destroy the session you can use an AJAX call on the browser unload event:
// .on('unload', ...) is used because the .unload() shorthand was removed in jQuery 3.0
$(window).on('unload', function () {
    $.get('session_destroyer.php');
});
Upvotes: 0