Session destroy not working....

•

What is DaniWeb IT Discussion Community?

You're currently browsing the PHP section within the Web Development category of DaniWeb, a massive community of 429,818 software developers, web developers, Internet marketers, and tech gurus who are all enthusiastic about making contacts, networking, and learning from each other. In fact, there are 3,381 IT professionals currently interacting right now! Registration is free, only takes a minute and lets you enjoy all of the interactive features of the site.

Join our community!

Please support our PHP advertiser: Lunarpages PHP Web Hosting

Thread Tools Display Modes

Views: 1594 | Replies: 7

•

Join Date: Oct 2007

Location: Penang Island, Malaysia

Posts: 176

Reputation: lordx78 is an unknown quantity at this point

Rep Power: 1

Solved Threads: 2

lordx78

Offline

Junior Poster

Session destroy not working....

Mar 11th, 2008

auth.php

 Help with Code Tags 
 php Syntax (Toggle Plain Text) 
<?php
 
// start session
session_start(); 
// convert username and password from _POST or _SESSION
if($_POST){
  $_SESSION['username']=$_POST['username'];
  $_SESSION['password']=$_POST['password'];  
}
 
// query for a user/pass match
$result = mysql_query("SELECT * FROM users WHERE username='" . $_SESSION['username'] . "' and password='" . $_SESSION['password'] . "'");
 
// retrieve number of rows resulted
$user = mysql_num_rows($result);
 
// print login form and exit if failed.
if($user < 1){
echo " Please login";
?>
<?php

// start session
session_start(); 
// convert username and password from _POST or _SESSION
if($_POST){
  $_SESSION['username']=$_POST['username'];
  $_SESSION['password']=$_POST['password'];  
}

// query for a user/pass match
$result = mysql_query("SELECT * FROM users WHERE username='" . $_SESSION['username'] . "' and password='" . $_SESSION['password'] . "'");

// retrieve number of rows resulted
$user = mysql_num_rows($result);

// print login form and exit if failed.
if($user < 1){
echo " Please login";
?>

logout.php

 Help with Code Tags 
 php Syntax (Toggle Plain Text) 
<?php
// logout.php
 
// you must start session before destroying it
session_start();
session_unset();
session_destroy();
//}
 
 
//echo "You have been successfully logged out.
echo " logged. Out.";
?>
<?php
// logout.php

// you must start session before destroying it
session_start();
session_unset();
session_destroy();
//}


//echo "You have been successfully logged out.
echo " logged. Out.";
?>

The codes above working fine, after I log out, if I paste the direct link to the admin.php, it won't go. But the problem is, when I log out, if I press the back button on the browser (firefox), it will back to admin.php.*

Please help.

* echo part in both codes was temporarily changed to save page.

Last edited by lordx78 : Mar 11th, 2008 at 2:00 am.

"I might not be the BEST but I'm not like the REST!"

•

Join Date: Aug 2007

Location: Cavite,Philippines

Posts: 508

Reputation: ryan_vietnow is an unknown quantity at this point

Rep Power: 3

Solved Threads: 68

ryan_vietnow ryan_vietnow is offline

Offline

Posting Pro

Re: Session destroy not working....

Mar 11th, 2008

redirect your page to somewhere so that when back button is clicked he cannot go back to the auth.php.
change this:

Help with Code Tags

php Syntax (Toggle Plain Text)

echo " logged. Out.";

to:

 Help with Code Tags 
 php Syntax (Toggle Plain Text) 
header('Location:index.php');
header('Location:index.php');

"death is the cure of all diseases..."
http://ryantetek.wordpress.com

•

Join Date: Nov 2007

Location: Bangalore, India

Posts: 3,098

Reputation: nav33n has a spectacular aura about

Rep Power: 8

Solved Threads: 240

nav33n

Offline

Posting Sensei

Re: Session destroy not working....

Mar 11th, 2008

What's in your admin.php page ? Are you checking if the session is valid or it has expired ? The best way to completely destroy the session is to redirect the page after you destroy the session. When the user clicks on the logout link, I do it this way.

 Help with Code Tags 
 php Syntax (Toggle Plain Text) 
<a href="index.php?logout=true">Logout</a>
.....
//in index.php
session_start();
....
if(isset($_REQUEST['logout']) && $_REQUEST['logout']=='true')){
 session_destroy();
}
<a href="index.php?logout=true">Logout</a>
.....
//in index.php
session_start();
....
if(isset($_REQUEST['logout']) && $_REQUEST['logout']=='true')){
 session_destroy();
}

Edit: Or you can do as ryan_vietnow has mentioned..

Its much easier way.

Last edited by nav33n : Mar 11th, 2008 at 2:11 am.

Programming today is a race between software engineers striving to build bigger and better idiot-proof programs, and the Universe trying to produce bigger and better idiots. So far, the Universe is winning.

*PM asking for help will be ignored*

•

Join Date: Oct 2007

Location: Penang Island, Malaysia

Posts: 176

Reputation: lordx78 is an unknown quantity at this point

Rep Power: 1

Solved Threads: 2

lordx78

Offline

Junior Poster

Re: Session destroy not working....

Mar 11th, 2008

* echo part in both codes was temporarily changed to save page.

the actual echo was;

 Help with Code Tags 
 php Syntax (Toggle Plain Text) 
<?php
//echo "You have been successfully logged out.
echo "
<html>
<head>
	<title>Cycle Tracks Portal</title>
	<style type='text/css' media='all'>@import 'images/style.css';
	</style>
	<link rel='alternate' type='application/rss+xml' title='RSS 2.0' href='rss/' />
</head>
<body>
	<div class='content'>
		<div class='topmenu'>
			<div class='date_'>";
				 echo date('l dS \of F Y');
		echo "</div>
		</div>
		<div id='submenu'>
			<form action='#'>
			</form>
			<br>
		</div>	
		<div class='cycle1'>
			<div class='title' style='text-align: center; width: 179px'>
			</div>
		<div class='slogan' style='width: 223px; height: 11px'></div>
	</div>";
	echo "<div><br>
			<p style='font-family:Calibri; color:#0066FF; font-size: large; text-align:center'>You have been <span style='color:green'>Successfully</span> logged out.</p>
		</div>";
	echo "
		<marquee style=' width: 100%; height: 10%; behavior: scroll' direction='up' scrollamount='7'><p style='font-family:Calibri; color:#0066FF; font-size: large; text-align:center'>You will be now returned to the Main page.</p></marquee>
		<div class='footer'>
			<div class='padding'>
			&copy; Copyright Cycle Tracks 
			<span>®</span>
		</div>
	</div>
</div>
</body>
</html>
<META HTTP-EQUIV=\"refresh\" content=\"5; URL=index.html\"> ";
?>
<?php
//echo "You have been successfully logged out.
echo "
<html>
<head>
	<title>Cycle Tracks Portal</title>
	<style type='text/css' media='all'>@import 'images/style.css';
	</style>
	<link rel='alternate' type='application/rss+xml' title='RSS 2.0' href='rss/' />
</head>
<body>
	<div class='content'>
		<div class='topmenu'>
			<div class='date_'>";
				 echo date('l dS \of F Y');
		echo "</div>
		</div>
		<div id='submenu'>
			<form action='#'>
			</form>
			<br>
		</div>	
		<div class='cycle1'>
			<div class='title' style='text-align: center; width: 179px'>
			</div>
		<div class='slogan' style='width: 223px; height: 11px'></div>
	</div>";
	echo "<div><br>
			<p style='font-family:Calibri; color:#0066FF; font-size: large; text-align:center'>You have been <span style='color:green'>Successfully</span> logged out.</p>
		</div>";
	echo "
		<marquee style=' width: 100%; height: 10%; behavior: scroll' direction='up' scrollamount='7'><p style='font-family:Calibri; color:#0066FF; font-size: large; text-align:center'>You will be now returned to the Main page.</p></marquee>
		<div class='footer'>
			<div class='padding'>
			&copy; Copyright Cycle Tracks 
			<span>®</span>
		</div>
	</div>
</div>
</body>
</html>
<META HTTP-EQUIV=\"refresh\" content=\"5; URL=index.html\"> ";
?>

*ignore the <?php and ?>

"I might not be the BEST but I'm not like the REST!"

•

Join Date: Aug 2007

Location: Cavite,Philippines

Posts: 508

Reputation: ryan_vietnow is an unknown quantity at this point

Rep Power: 3

Solved Threads: 68

ryan_vietnow ryan_vietnow is offline

Offline

Posting Pro

Re: Session destroy not working....

Mar 11th, 2008

just make this actual echo a separate page(e.g. redirect.php) then change the header location as I mentioned earlier as redirect.php

"death is the cure of all diseases..."
http://ryantetek.wordpress.com

•

Join Date: Dec 2007

Location: Bangalore,India

Posts: 118

Reputation: carobee is an unknown quantity at this point

Rep Power: 1

Solved Threads: 1

carobee

Offline

Junior Poster

Re: Session destroy not working....

Mar 11th, 2008

•

Originally Posted by lordx78

auth.php
Help with Code Tags

php Syntax (Toggle Plain Text)
<?php
 
// start session
session_start(); 
// convert username and password from _POST or _SESSION
if($_POST){
  $_SESSION['username']=$_POST['username'];
  $_SESSION['password']=$_POST['password'];  
}
 
// query for a user/pass match
$result = mysql_query("SELECT * FROM users WHERE username='" . $_SESSION['username'] . "' and password='" . $_SESSION['password'] . "'");
 
// retrieve number of rows resulted
$user = mysql_num_rows($result);
 
// print login form and exit if failed.
if($user < 1){
echo " Please login";
?>
<?php // start session session_start(); // convert username and password from _POST or _SESSION if($_POST){ $_SESSION['username']=$_POST['username']; $_SESSION['password']=$_POST['password']; } // query for a user/pass match $result = mysql_query("SELECT * FROM users WHERE username='" . $_SESSION['username'] . "' and password='" . $_SESSION['password'] . "'"); // retrieve number of rows resulted $user = mysql_num_rows($result); // print login form and exit if failed. if($user < 1){ echo " Please login"; ?>

in your auth,php script, once the user is verified try setting a session variable like
$_SESSION['views']=1;
Initially keep the session variable as 0
$_SESSION['views']=0;

•

logout.php
Help with Code Tags

php Syntax (Toggle Plain Text)
<?php
// logout.php
 
// you must start session before destroying it
session_start();
session_unset();
session_destroy();
//}
 
 
//echo "You have been successfully logged out.
echo " logged. Out.";
?>
<?php // logout.php // you must start session before destroying it session_start(); session_unset(); session_destroy(); //} //echo "You have been successfully logged out. echo " logged. Out."; ?>
The codes above working fine, after I log out, if I paste the direct link to the admin.php, it won't go. But the problem is, when I log out, if I press the back button on the browser (firefox), it will back to admin.php.*

Please help.

* echo part in both codes was temporarily changed to save page.

now in the logout.php when the user logs out make the session variable as 0
$_SESSION['views']=0;
In all other pages check whether your $_SESSION['views'] is set or not . if not set direct the user to any warning page
[code=php]
<?php
ob_start();
session_start();
if($_SESSION['views']==0)
header("Location:error.php");
ob_flush();
?>

Last edited by carobee : Mar 11th, 2008 at 3:02 am.

•

Join Date: Mar 2008

Posts: 57

Reputation: forzadraco is an unknown quantity at this point

Rep Power: 1

Solved Threads: 1

forzadraco forzadraco is offline

Offline

Junior Poster in Training

Re: Session destroy not working....

Mar 11th, 2008

there are something wrong with ur admin.php script.. can you show me it's script

•

Join Date: Apr 2006

Posts: 66

Reputation: silviuks is an unknown quantity at this point

Rep Power: 3

Solved Threads: 11

silviuks

Offline

Junior Poster in Training

Re: Session destroy not working....

Mar 12th, 2008

First of all, session_destroy() deletes everything you have stored on your session. if you only want to logout some user, simply use unset($_SESSION['user']) and after that redirect to the login page (or your index page). For this you can also use javascript to force redirect.

www.aiss-softwork.com