User Name Password Register
DaniWeb IT Discussion Community
Home
Forums
Tutorials
Code Snippets
Blogs
Link Directory
All
What is DaniWeb IT Discussion Community?
You're currently browsing the PHP section within the Web Development category of DaniWeb, a massive community of 423,539 software developers, web developers, Internet marketers, and tech gurus who are all enthusiastic about making contacts, networking, and learning from each other. In fact, there are 4,261 IT professionals currently interacting right now! Registration is free, only takes a minute and lets you enjoy all of the interactive features of the site.
Join our community!
Please support our PHP advertiser: Lunarpages PHP Web Hosting
Views: 1813 | Replies: 13 | Solved
Reply
Page 1 of 2 1 2 >
Join Date: Oct 2007
Location: Penang Island, Malaysia
Posts: 173
Reputation: lordx78 is an unknown quantity at this point 
Rep Power: 1
Solved Threads: 2
lordx78's Avatar
lordx78 lordx78 is offline Offline
Junior Poster

Help session log out problem

  #1  
Feb 28th, 2008
Help with Code Tags
php Syntax (Toggle Plain Text) 
  1. <?php
  2. session_start();
  3. session_unset('YourVisitID');
  4. session_destroy();
  5. header("location:index.php");
  6. ?>

I've use the code above to destroy my session after login, but instead of destroying it, It creates another session called 'PHPSESID'. I'm using XAMPP localhost. Please advise.*

* page redirection works fine
"I might not be the BEST but I'm not like the REST!"
AddThis Social Bookmark Button
Reply With Quote  
Join Date: Nov 2007
Location: Bangalore, India
Posts: 3,098
Reputation: nav33n has a spectacular aura about nav33n has a spectacular aura about 
Rep Power: 8
Solved Threads: 240
nav33n's Avatar
nav33n nav33n is offline Offline
Posting Sensei

Re: session log out problem

  #2  
Feb 28th, 2008
huh! How do you know it creates another session ?
Programming today is a race between software engineers striving to build bigger and better idiot-proof programs, and the Universe trying to produce bigger and better idiots. So far, the Universe is winning.

*PM asking for help will be ignored*
Reply With Quote  
Join Date: Oct 2007
Location: Penang Island, Malaysia
Posts: 173
Reputation: lordx78 is an unknown quantity at this point 
Rep Power: 1
Solved Threads: 2
lordx78's Avatar
lordx78 lordx78 is offline Offline
Junior Poster

Re: session log out problem

  #3  
Feb 28th, 2008
I'm using Mozilla Firefox. After I logged it, I checked the cookies, there will only 'YourVisitID' under localhost. Then when I press log out button, It will redirect me back to the i.dex.php. Then I tried to copy & paste the direct link to the admin's page., it still works. then I went to check the cookies again, and what I saw under localhost was the intial session 'YourVisitID' was still there and not destroyed and there will be another cookie named 'PHPSESID'.

Advise please.
"I might not be the BEST but I'm not like the REST!"
Reply With Quote  
Join Date: Nov 2007
Location: Bangalore, India
Posts: 3,098
Reputation: nav33n has a spectacular aura about nav33n has a spectacular aura about 
Rep Power: 8
Solved Threads: 240
nav33n's Avatar
nav33n nav33n is offline Offline
Posting Sensei

Re: session log out problem

  #4  
Feb 28th, 2008
Are you validating existence of session in admin's page ? Try ths simple example.
Help with Code Tags
php Syntax (Toggle Plain Text) 
  1. <?php //page1.php
  2. session_start();
  3. $_SESSION['name']="test";
  4. echo "<a href='page2.php'>Click here</a>";
  5. ?>
This is page2.php
Help with Code Tags
php Syntax (Toggle Plain Text) 
  1. <?php
  2. session_start();
  3. if(!empty($_SESSION['name'])){
  4.  echo $_SESSION['name'];
  5. } else {
  6.  echo "Invalid session";
  7. }
  8. ?>
Well, if you try to access page2.php directly, you will get Invalid session. Are you doing a check like this one in admin's page ?
Last edited by nav33n : Feb 28th, 2008 at 12:07 pm.
Programming today is a race between software engineers striving to build bigger and better idiot-proof programs, and the Universe trying to produce bigger and better idiots. So far, the Universe is winning.

*PM asking for help will be ignored*
Reply With Quote  
Join Date: Jan 2008
Posts: 70
Reputation: Vai is an unknown quantity at this point 
Rep Power: 1
Solved Threads: 5
Vai Vai is offline Offline
Junior Poster in Training

Re: session log out problem

  #5  
Feb 28th, 2008
Here is what I do

secure.php
Help with Code Tags 
<?php
     session_start();
     if (empty($_SESSION['username'])) {
     header("location:index.php");
     exit; }
 ?>

logout.php
Help with Code Tags 
<?php
     session_start();
      if($_SESSION["status"]="logged") {
      session_unset(); 
      session_destroy();
       header( "Location:../index.php" ); 
      exit();
     } else { 
       if ($_SESSION["status"]="not logged") {
//the session variable isn't registered, the user shouldn't even be on this page 
       header( "Location:../index.php" ); 
      exit();
    }
  }
?>
Reply With Quote  
Join Date: Oct 2007
Location: Penang Island, Malaysia
Posts: 173
Reputation: lordx78 is an unknown quantity at this point 
Rep Power: 1
Solved Threads: 2
lordx78's Avatar
lordx78 lordx78 is offline Offline
Junior Poster

Re: session log out problem

  #6  
Feb 28th, 2008
yes I've the validation check on the admin page.
Last edited by lordx78 : Feb 28th, 2008 at 12:13 pm.
"I might not be the BEST but I'm not like the REST!"
Reply With Quote  
Join Date: Nov 2007
Location: Bangalore, India
Posts: 3,098
Reputation: nav33n has a spectacular aura about nav33n has a spectacular aura about 
Rep Power: 8
Solved Threads: 240
nav33n's Avatar
nav33n nav33n is offline Offline
Posting Sensei

Re: session log out problem

  #7  
Feb 28th, 2008
I'm using Mozilla Firefox. After I logged it, I checked the cookies, there will only 'YourVisitID' under localhost. Then when I press log out button, It will redirect me back to the i.dex.php. Then I tried to copy & paste the direct link to the admin's page., it still works.
Can you post your script of admin's page ? When you run the logout script, sessions should get destroyed. Check if there are still values in the session variable
Programming today is a race between software engineers striving to build bigger and better idiot-proof programs, and the Universe trying to produce bigger and better idiots. So far, the Universe is winning.

*PM asking for help will be ignored*
Reply With Quote  
Join Date: Apr 2005
Location: New York state
Posts: 465
Reputation: ShawnCplus will become famous soon enough ShawnCplus will become famous soon enough 
Rep Power: 5
Solved Threads: 72
Sponsor
ShawnCplus's Avatar
ShawnCplus ShawnCplus is online now Online
Code Monkey

Re: session log out problem

  #8  
Feb 28th, 2008
Help with Code Tags
php Syntax (Toggle Plain Text) 
  1. <?php
  2.      session_start();
  3.       if($_SESSION["status"]="logged") {
  4.       session_unset(); 
  5.       session_destroy();
  6.        header( "Location:../index.php" ); 
  7.       exit();
  8.      } else { 
  9.        if ($_SESSION["status"]="not logged") {
  10. //the session variable isn't registered, the user shouldn't even be on this page 
  11.        header( "Location:../index.php" ); 
  12.       exit();
  13.     }
  14.   }
  15. ?>
Take a look at those if statements. Those are SETTING $_SESSION['status'], not comparing them. Comparisons use ==
GCS d- s+:+ a-->? C++(++++) UL+++ P+>+++ L+++ !E--- W+++
N+ o K w++(---) O? !M- V PS+>++ PE+ Y+ PGP !t- 5? X- R tv+
b+>++ DI+ D G++>+++ e+ h+>++ r z+*
Reply With Quote  
Join Date: Oct 2007
Location: Penang Island, Malaysia
Posts: 173
Reputation: lordx78 is an unknown quantity at this point 
Rep Power: 1
Solved Threads: 2
lordx78's Avatar
lordx78 lordx78 is offline Offline
Junior Poster

Re: session log out problem

  #9  
Feb 28th, 2008
login.php
Help with Code Tags
php Syntax (Toggle Plain Text) 
  1. <?php
  2. // Send NOTHING to the Web browser prior to the session_start() line!
  3.  
  4. // Check if the form has been submitted.
  5. if (isset($_POST['submitted'])) {
  6.  
  7. 	require_once ('mysql_connect.php'); // Connect to the db.
  8.  
  9. 	$errors = array(); // Initialize error array.
  10.  
  11. 	// Check for an email address.
  12. 	if (empty($_POST['username'])) {
  13. 		$errors[] = 'You forgot to enter your Username.';
  14. 	} else {
  15. 		$u = escape_data($_POST['username']);
  16. 	}
  17.  
  18. 	// Check for a password.
  19. 	if (empty($_POST['password'])) {
  20. 		$errors[] = 'You forgot to enter your password.';
  21. 	} else {
  22. 		$p = escape_data($_POST['password']);
  23. 	}
  24.  
  25. 	if (empty($errors)) { // If everything's OK.
  26.  
  27. 		/* Retrieve the user_id and first_name for 
  28. 		that email/password combination. */
  29. 		$query = "SELECT user_id, first_name FROM adminprofile WHERE username='$u' AND password='$p'";		
  30. 		$result = @mysql_query ($query); // Run the query.
  31. 		$row = mysql_fetch_array ($result, MYSQL_NUM); // Return a record, if applicable.
  32.  
  33. 		if ($row) { // A record was pulled from the database.
  34.  
  35. 			// Set the session data & redirect.
  36. 			session_name ('YourVisitID');
  37. 			session_start();
  38. 			$_SESSION['user_id'] = $row[0];
  39. 			$_SESSION['first_name'] = $row[1];
  40. 			$_SESSION['agent'] = md5($_SERVER['HTTP_USER_AGENT']);
  41.  
  42. 			// Redirect the user to the loggedin.php page.
  43. 			// Start defining the URL.
  44. 			$url = 'http://' . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']);
  45. 			// Check for a trailing slash.
  46. 			if ((substr($url, -1) == '/') OR (substr($url, -1) == '\\') ) {
  47. 				$url = substr ($url, 0, -1); // Chop off the slash.
  48. 			}
  49. 			// Add the page.
  50. 			//$url .= 'loggedin.php';
  51.  
  52. 			//header("Location: $url");
  53. 			header("Location: loggedin.php");
  54. 			exit(); // Quit the script.
  55.  
  56. 		} else { // No record matched the query.
  57. 			$errors[] = 'The username and password entered do not match those on file.'; // Public message.
  58. 			$errors[] = mysql_error() . '<br /><br />Query: ' . $query; // Debugging message.
  59. 		}
  60.  
  61. 	} // End of if (empty($errors)) IF.
  62.  
  63. 	mysql_close(); // Close the database connection.
  64.  
  65. } else { // Form has not been submitted.
  66.  
  67. 	$errors = NULL;
  68.  
  69. } // End of the main Submit conditional.
  70.  
  71. // Begin the page now.
  72. $page_title = 'Login';
  73. include ('./includes/header.html');
  74.  
  75. if (!empty($errors)) { // Print any error messages.
  76. 	echo '<h1 id="mainhead">Error!</h1>
  77. 	<p class="error">The following error(s) occurred:<br />';
  78. 	foreach ($errors as $msg) { // Print each error.
  79. 		echo " - $msg<br />\n";
  80. 	}
  81. 	echo '</p><p>Please try again.</p>';
  82. }
  83.  
  84. // Create the form.
  85. ?>
  86. <h2>Login</h2>
  87. <form action="login.php" method="post">
  88. 	<p>Username: <input type="text" name="username" size="20" maxlength="15" /> </p>
  89. 	<p>Password: <input type="password" name="password" size="20" maxlength="15" /></p>
  90. 	<p><input type="submit" name="submit" value="Login" /></p>
  91. 	<input type="hidden" name="submitted" value="TRUE" />
  92. </form>
  93. <?php
  94. include ('./includes/footer.html');
  95. ?>

loggedin.php(admin page)
Help with Code Tags
php Syntax (Toggle Plain Text) 
  1. <?php
  2. # User is redirected here from login.php.
  3.  
  4. session_name ('YourVisitID');
  5. session_start(); // Start the session.
  6.  
  7. // If no session value is present, redirect the user.
  8. if (!isset($_SESSION['agent']) OR ($_SESSION['agent'] != md5($_SERVER['HTTP_USER_AGENT'])) ) {
  9.  
  10. 	// Start defining the URL.
  11. 	$url = 'http://' . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']);
  12. 	// Check for a trailing slash.
  13. 	if ((substr($url, -1) == '/') OR (substr($url, -1) == '\\') ) {
  14. 		$url = substr ($url, 0, -1); // Chop off the slash.
  15. 	}
  16. 	//$url .= 'index.php'; // Add the page.
  17. 	//header("Location: $url");
  18. 	header("Location: index.php");
  19. 	exit(); // Quit the script.
  20. }
  21.  
  22. // Set the page title and include the HTML header.
  23. $page_title = 'Logged In!';
  24. include ('./includes/header1.html');
  25.  
  26. // Print a customized message.
  27. echo "<h1>Logged In!</h1>
  28. <p>You are now logged in, {$_SESSION['first_name']}!</p>
  29. <p><br /><br /></p>";
  30.  
  31. include ('./includes/footer.html');
  32. ?>

Advise pls.
"I might not be the BEST but I'm not like the REST!"
Reply With Quote  
Join Date: Nov 2007
Location: Bangalore, India
Posts: 3,098
Reputation: nav33n has a spectacular aura about nav33n has a spectacular aura about 
Rep Power: 8
Solved Threads: 240
nav33n's Avatar
nav33n nav33n is offline Offline
Posting Sensei

Re: session log out problem

  #10  
Feb 28th, 2008
Maybe this isn't working. Print some statements inside this loop and execute this script (without logging in).
if (!isset($_SESSION['agent']) OR ($_SESSION['agent'] != md5($_SERVER['HTTP_USER_AGENT'])) ) {
Programming today is a race between software engineers striving to build bigger and better idiot-proof programs, and the Universe trying to produce bigger and better idiots. So far, the Universe is winning.

*PM asking for help will be ignored*
Reply With Quote  
Reply
Page 1 of 2 1 2 >

Only community members can participate in forum threads. You must register or log in to contribute.

Register
DaniWeb PHP Marketplace
Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)

 

Thread Tools Display Modes
Linear Mode Linear Mode

firefox background-position problem solved update panel scroll problem
Similar Threads
Other Threads in the PHP Forum

Advertising Opportunities on DaniWeb
Contact Us - Newsletter Archive - Sitemap - Privacy Statement
All times are GMT -4. The time now is 5:35 pm.
Forum system based on vBulletin Copyright ©2000 - 2008, Jelsoft Enterprises Ltd.
©2003 - 2008 DaniWeb® LLC