Session destroy not working....

Reply

Join Date: Oct 2007
Posts: 178
Reputation: lordx78 is an unknown quantity at this point 
Solved Threads: 2
lordx78's Avatar
lordx78 lordx78 is offline Offline
Junior Poster

Session destroy not working....

 
0
  #1
Mar 11th, 2008
auth.php
php Syntax (Toggle Plain Text) 
  1. <?php
  2.  
  3. // start session
  4. session_start(); 
  5. // convert username and password from _POST or _SESSION
  6. if($_POST){
  7.   $_SESSION['username']=$_POST['username'];
  8.   $_SESSION['password']=$_POST['password'];  
  9. }
  10.  
  11. // query for a user/pass match
  12. $result = mysql_query("SELECT * FROM users WHERE username='" . $_SESSION['username'] . "' and password='" . $_SESSION['password'] . "'");
  13.  
  14. // retrieve number of rows resulted
  15. $user = mysql_num_rows($result);
  16.  
  17. // print login form and exit if failed.
  18. if($user < 1){
  19. echo " Please login";
  20. ?>

logout.php
php Syntax (Toggle Plain Text) 
  1. <?php
  2. // logout.php
  3.  
  4. // you must start session before destroying it
  5. session_start();
  6. session_unset();
  7. session_destroy();
  8. //}
  9.  
  10.  
  11. //echo "You have been successfully logged out.
  12. echo " logged. Out.";
  13. ?>

The codes above working fine, after I log out, if I paste the direct link to the admin.php, it won't go. But the problem is, when I log out, if I press the back button on the browser (firefox), it will back to admin.php.*

Please help.

* echo part in both codes was temporarily changed to save page.
Last edited by lordx78; Mar 11th, 2008 at 3:00 am.
"I might not be the BEST but I'm not like the REST!"
Reply With Quote Quick reply to this message  
Join Date: Aug 2007
Posts: 570
Reputation: ryan_vietnow is an unknown quantity at this point 
Solved Threads: 71
ryan_vietnow's Avatar
ryan_vietnow ryan_vietnow is offline Offline
Posting Pro

Re: Session destroy not working....

 
0
  #2
Mar 11th, 2008
redirect your page to somewhere so that when back button is clicked he cannot go back to the auth.php.
change this:

php Syntax (Toggle Plain Text) 
  1. echo " logged. Out.";

to:

php Syntax (Toggle Plain Text) 
  1. header('Location:index.php');
http://www.ryantetek.com/
Reply With Quote Quick reply to this message  
Join Date: Nov 2007
Posts: 3,761
Reputation: nav33n is a jewel in the rough nav33n is a jewel in the rough nav33n is a jewel in the rough 
Solved Threads: 332
Moderator
Featured Poster
nav33n's Avatar
nav33n nav33n is offline Offline
Senior Poster

Re: Session destroy not working....

 
0
  #3
Mar 11th, 2008
What's in your admin.php page ? Are you checking if the session is valid or it has expired ? The best way to completely destroy the session is to redirect the page after you destroy the session. When the user clicks on the logout link, I do it this way.
php Syntax (Toggle Plain Text) 
  1. <a href="index.php?logout=true">Logout</a>
  2. .....
  3. //in index.php
  4. session_start();
  5. ....
  6. if(isset($_REQUEST['logout']) && $_REQUEST['logout']=='true')){
  7.  session_destroy();
  8. }
Edit: Or you can do as ryan_vietnow has mentioned.. Its much easier way.
Last edited by nav33n; Mar 11th, 2008 at 3:11 am.
Ignorance is definitely not bliss!

*PM asking for help will be ignored*
Reply With Quote Quick reply to this message  
Join Date: Oct 2007
Posts: 178
Reputation: lordx78 is an unknown quantity at this point 
Solved Threads: 2
lordx78's Avatar
lordx78 lordx78 is offline Offline
Junior Poster

Re: Session destroy not working....

 
0
  #4
Mar 11th, 2008
* echo part in both codes was temporarily changed to save page.

the actual echo was;

php Syntax (Toggle Plain Text) 
  1. <?php
  2. //echo "You have been successfully logged out.
  3. echo "
  4. <html>
  5. <head>
  6. 	<title>Cycle Tracks Portal</title>
  7. 	<style type='text/css' media='all'>@import 'images/style.css';
  8. 	</style>
  9. 	<link rel='alternate' type='application/rss+xml' title='RSS 2.0' href='rss/' />
  10. </head>
  11. <body>
  12. 	<div class='content'>
  13. 		<div class='topmenu'>
  14. 			<div class='date_'>";
  15. 				 echo date('l dS \of F Y');
  16. 		echo "</div>
  17. 		</div>
  18. 		<div id='submenu'>
  19. 			<form action='#'>
  20. 			</form>
  21. 			<br>
  22. 		</div>	
  23. 		<div class='cycle1'>
  24. 			<div class='title' style='text-align: center; width: 179px'>
  25. 			</div>
  26. 		<div class='slogan' style='width: 223px; height: 11px'></div>
  27. 	</div>";
  28. 	echo "<div><br>
  29. 			<p style='font-family:Calibri; color:#0066FF; font-size: large; text-align:center'>You have been <span style='color:green'>Successfully</span> logged out.</p>
  30. 		</div>";
  31. 	echo "
  32. 		<marquee style=' width: 100%; height: 10%; behavior: scroll' direction='up' scrollamount='7'><p style='font-family:Calibri; color:#0066FF; font-size: large; text-align:center'>You will be now returned to the Main page.</p></marquee>
  33. 		<div class='footer'>
  34. 			<div class='padding'>
  35. 			&copy; Copyright Cycle Tracks 
  36. 			<span>®</span>
  37. 		</div>
  38. 	</div>
  39. </div>
  40. </body>
  41. </html>
  42. <META HTTP-EQUIV=\"refresh\" content=\"5; URL=index.html\"> ";
  43. ?>

*ignore the <?php and ?>
"I might not be the BEST but I'm not like the REST!"
Reply With Quote Quick reply to this message  
Join Date: Aug 2007
Posts: 570
Reputation: ryan_vietnow is an unknown quantity at this point 
Solved Threads: 71
ryan_vietnow's Avatar
ryan_vietnow ryan_vietnow is offline Offline
Posting Pro

Re: Session destroy not working....

 
0
  #5
Mar 11th, 2008
just make this actual echo a separate page(e.g. redirect.php) then change the header location as I mentioned earlier as redirect.php
http://www.ryantetek.com/
Reply With Quote Quick reply to this message  
Join Date: Dec 2007
Posts: 205
Reputation: carobee is an unknown quantity at this point 
Solved Threads: 11
carobee carobee is offline Offline
Posting Whiz in Training

Re: Session destroy not working....

 
0
  #6
Mar 11th, 2008
Originally Posted by lordx78 View Post
auth.php
php Syntax (Toggle Plain Text) 
  1. <?php
  2.  
  3. // start session
  4. session_start(); 
  5. // convert username and password from _POST or _SESSION
  6. if($_POST){
  7.   $_SESSION['username']=$_POST['username'];
  8.   $_SESSION['password']=$_POST['password'];  
  9. }
  10.  
  11. // query for a user/pass match
  12. $result = mysql_query("SELECT * FROM users WHERE username='" . $_SESSION['username'] . "' and password='" . $_SESSION['password'] . "'");
  13.  
  14. // retrieve number of rows resulted
  15. $user = mysql_num_rows($result);
  16.  
  17. // print login form and exit if failed.
  18. if($user < 1){
  19. echo " Please login";
  20. ?>
in your auth,php script, once the user is verified try setting a session variable like
$_SESSION['views']=1;
Initially keep the session variable as 0
$_SESSION['views']=0;
logout.php
php Syntax (Toggle Plain Text) 
  1. <?php
  2. // logout.php
  3.  
  4. // you must start session before destroying it
  5. session_start();
  6. session_unset();
  7. session_destroy();
  8. //}
  9.  
  10.  
  11. //echo "You have been successfully logged out.
  12. echo " logged. Out.";
  13. ?>

The codes above working fine, after I log out, if I paste the direct link to the admin.php, it won't go. But the problem is, when I log out, if I press the back button on the browser (firefox), it will back to admin.php.*

Please help.

* echo part in both codes was temporarily changed to save page.
now in the logout.php when the user logs out make the session variable as 0
$_SESSION['views']=0;
In all other pages check whether your $_SESSION['views'] is set or not . if not set direct the user to any warning page
[code=php]
<?php
ob_start();
session_start();
if($_SESSION['views']==0)
header("Location:error.php");
ob_flush();
?>
Last edited by carobee; Mar 11th, 2008 at 4:02 am.
Reply With Quote Quick reply to this message  
Join Date: Mar 2008
Posts: 70
Reputation: forzadraco is an unknown quantity at this point 
Solved Threads: 1
forzadraco forzadraco is offline Offline
Junior Poster in Training

Re: Session destroy not working....

 
0
  #7
Mar 11th, 2008
there are something wrong with ur admin.php script.. can you show me it's script
Reply With Quote Quick reply to this message  
Join Date: Apr 2006
Posts: 66
Reputation: silviuks is an unknown quantity at this point 
Solved Threads: 11
silviuks silviuks is offline Offline
Junior Poster in Training

Re: Session destroy not working....

 
0
  #8
Mar 12th, 2008
First of all, session_destroy() deletes everything you have stored on your session. if you only want to logout some user, simply use unset($_SESSION['user']) and after that redirect to the login page (or your index page). For this you can also use javascript to force redirect.
www.aiss-softwork.com
Reply With Quote Quick reply to this message  
Reply

Quick Reply to Thread
This thread is more than three months old.
Perhaps start a new thread instead?
Message:



Similar Threads
Other Threads in the PHP Forum


Views: 6127 | Replies: 7
Thread Tools Search this Thread



Tag cloud for PHP
.htaccess access ajax apache api array beginner binary broken cakephp checkbox class cms code cron curl database date directory display download dynamic ebooks echo email error file files folder form forms function functions google href htaccess html image include insert integration ip java javascript joomla jquery js limit link login loop mail mediawiki menu methods mlm mod_rewrite multiple mysql oop parse paypal pdf php problem query radio random recursion regex remote script search select server sessions sms soap source space speed sql stored structure subdomain syntax system table tutorial update updates upload url validation validator variable video web xml youtube
About Us | Contact Us | Advertise | DaniWeb | Acceptable Use Policy | RSS Feed

©2003 - 2009 DaniWeb® LLC