0
<?php
session_start();
session_unset('YourVisitID');
session_destroy();
header("location:index.php");
?>

I've used the code above to destroy my session after login, but instead of destroying it, it creates another session called 'PHPSESSID'. I'm using XAMPP localhost. Please advise.*

* page redirection works fine

0

I'm using Mozilla Firefox. After I logged in, I checked the cookies, and there was only 'YourVisitID' under localhost. Then when I press the log out button, it redirects me back to index.php. Then I tried to copy & paste the direct link to the admin's page, and it still works. Then I went to check the cookies again, and what I saw under localhost was that the initial session 'YourVisitID' was still there and not destroyed, and there was another cookie named 'PHPSESSID'.

Advise please.

0

Are you validating existence of session in admin's page ? Try this simple example.

<?php //page1.php
session_start();
$_SESSION['name']="test";
echo "<a href='page2.php'>Click here</a>";
?>

This is page2.php

<?php
session_start();
if(!empty($_SESSION['name'])){
 echo $_SESSION['name'];
} else {
 echo "Invalid session";
}
?>

Well, if you try to access page2.php directly, you will get Invalid session. Are you doing a check like this one in admin's page ?

0

Here is what I do

secure.php

<?php
     session_start();
     if (empty($_SESSION['username'])) {
     header("location:index.php");
     exit; }
 ?>

logout.php

<?php
     session_start();
      if($_SESSION["status"]="logged") {
      session_unset(); 
      session_destroy();
       header( "Location:../index.php" ); 
      exit();
     } else { 
       if ($_SESSION["status"]="not logged") {
//the session variable isn't registered, the user shouldn't even be on this page 
       header( "Location:../index.php" ); 
      exit();
    }
  }
?>
0

I'm using Mozilla Firefox. After I logged in, I checked the cookies, and there was only 'YourVisitID' under localhost. Then when I press the log out button, it redirects me back to index.php. Then I tried to copy & paste the direct link to the admin's page, and it still works.

Can you post your script of admin's page ? When you run the logout script, sessions should get destroyed. Check if there are still values in the session variable :S

0
<?php
     session_start();
      if($_SESSION["status"]="logged") {
      session_unset(); 
      session_destroy();
       header( "Location:../index.php" ); 
      exit();
     } else { 
       if ($_SESSION["status"]="not logged") {
//the session variable isn't registered, the user shouldn't even be on this page 
       header( "Location:../index.php" ); 
      exit();
    }
  }
?>

Take a look at those if statements. Those are SETTING $_SESSION, not comparing them. Comparisons use ==

0

login.php

<?php
// Send NOTHING to the Web browser prior to the session_start() line!

// Check if the form has been submitted.
if (isset($_POST['submitted'])) {

	require_once ('mysql_connect.php'); // Connect to the db.
		
	$errors = array(); // Initialize error array.
	
	// Check for an email address.
	if (empty($_POST['username'])) {
		$errors[] = 'You forgot to enter your Username.';
	} else {
		$u = escape_data($_POST['username']);
	}
	
	// Check for a password.
	if (empty($_POST['password'])) {
		$errors[] = 'You forgot to enter your password.';
	} else {
		$p = escape_data($_POST['password']);
	}
	
	if (empty($errors)) { // If everything's OK.

		/* Retrieve the user_id and first_name for 
		that email/password combination. */
		$query = "SELECT user_id, first_name FROM adminprofile WHERE username='$u' AND password='$p'";		
		$result = @mysql_query ($query); // Run the query.
		$row = mysql_fetch_array ($result, MYSQL_NUM); // Return a record, if applicable.

		if ($row) { // A record was pulled from the database.
				
			// Set the session data & redirect.
			session_name ('YourVisitID');
			session_start();
			$_SESSION['user_id'] = $row[0];
			$_SESSION['first_name'] = $row[1];
			$_SESSION['agent'] = md5($_SERVER['HTTP_USER_AGENT']);

			// Redirect the user to the loggedin.php page.
			// Start defining the URL.
			$url = 'http://' . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']);
			// Check for a trailing slash.
			if ((substr($url, -1) == '/') OR (substr($url, -1) == '\\') ) {
				$url = substr ($url, 0, -1); // Chop off the slash.
			}
			// Add the page.
			//$url .= 'loggedin.php';
			
			//header("Location: $url");
			header("Location: loggedin.php");
			exit(); // Quit the script.
				
		} else { // No record matched the query.
			$errors[] = 'The username and password entered do not match those on file.'; // Public message.
			$errors[] = mysql_error() . '<br /><br />Query: ' . $query; // Debugging message.
		}
		
	} // End of if (empty($errors)) IF.
		
	mysql_close(); // Close the database connection.

} else { // Form has not been submitted.

	$errors = NULL;

} // End of the main Submit conditional.

// Begin the page now.
$page_title = 'Login';
include ('./includes/header.html');

if (!empty($errors)) { // Print any error messages.
	echo '<h1 id="mainhead">Error!</h1>
	<p class="error">The following error(s) occurred:<br />';
	foreach ($errors as $msg) { // Print each error.
		echo " - $msg<br />\n";
	}
	echo '</p><p>Please try again.</p>';
}

// Create the form.
?>
<h2>Login</h2>
<form action="login.php" method="post">
	<p>Username: <input type="text" name="username" size="20" maxlength="15" /> </p>
	<p>Password: <input type="password" name="password" size="20" maxlength="15" /></p>
	<p><input type="submit" name="submit" value="Login" /></p>
	<input type="hidden" name="submitted" value="TRUE" />
</form>
<?php
include ('./includes/footer.html');
?>

loggedin.php(admin page)

<?php
# User is redirected here from login.php.

session_name ('YourVisitID');
session_start(); // Start the session.

// If no session value is present, redirect the user.
if (!isset($_SESSION['agent']) OR ($_SESSION['agent'] != md5($_SERVER['HTTP_USER_AGENT'])) ) {

	// Start defining the URL.
	$url = 'http://' . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']);
	// Check for a trailing slash.
	if ((substr($url, -1) == '/') OR (substr($url, -1) == '\\') ) {
		$url = substr ($url, 0, -1); // Chop off the slash.
	}
	//$url .= 'index.php'; // Add the page.
	//header("Location: $url");
	header("Location: index.php");
	exit(); // Quit the script.
}

// Set the page title and include the HTML header.
$page_title = 'Logged In!';
include ('./includes/header1.html');

// Print a customized message.
echo "<h1>Logged In!</h1>
<p>You are now logged in, {$_SESSION['first_name']}!</p>
<p><br /><br /></p>";

include ('./includes/footer.html');
?>

Advise pls.

0

Maybe this isn't working. Print some statements inside this loop and execute this script (without logging in).

if (!isset($_SESSION['agent']) OR ($_SESSION['agent'] != md5($_SERVER['HTTP_USER_AGENT'])) ) {

0
<?php
// This is the logout page for the site.

// Include the configuration file for error management and such.
require_once ('mysql_connect.php'); 

// Set the page title and include the HTML header.
$page_title = 'Logout';
include ('./includes/header.html');
$MM_redirectLoginFailed = "index.html";
$MM_redirecttoReferrer = true;

// If no first_name variable exists, redirect the user.
if (isset($_SESSION['first_name'])) {

	// Start defining the URL.
	//$url = 'http://' . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']);
	// Check for a trailing slash.
	//if ((substr($url, -1) == '/') OR (substr($url, -1) == '\\') ) {
		//$url = substr ($url, 0, -1); // Chop off the slash.
	//}
	// Add the page.
	//$url .= '/index.html';
	
	ob_end_clean(); // Delete the buffer.
	//header("Location: $url");
	//header("Location: index.html");
	echo "<script type='text/javascript'>location.href='$MM_redirectLoginSuccess';</script>";
	exit(); // Quit the script.
	
} else { // Logout the user.

	$_SESSION = array(); // Destroy the variables.
	session_destroy(); // Destroy the session itself.
	//session_unset();
	setcookie (session_name(), '', time()-300, '/', '', 0); // Destroy the cookie.

}

// Print a customized message.
echo "<h3>You are now logged out.</h3>";

include ('./includes/footer.html');
?>

I've tried this code and the errors are:

Warning: session_destroy() [function.session-destroy]: Trying to destroy uninitialized session in C:\xampp\htdocs\cycle\logout.php on line 34

Warning: Cannot modify header information - headers already sent by (output started at C:\xampp\htdocs\cycle\includes\header.html:7) in C:\xampp\htdocs\cycle\logout.php on line 36

Please help.

0

Warning: session_destroy() [function.session-destroy]: Trying to destroy uninitialized session in C:\xampp\htdocs\cycle\logout.php on line 34

That means you are trying to destroy a session that doesn't exist.
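
Added example, not code from any poster in this thread: a logout script that selects the same named session login.php created ('YourVisitID') before starting it, and finishes all cookie and header work before any output, which addresses both warnings quoted above. The function name end_session and the constant APP_SESSION_NAME are made up for illustration; session_status() assumes PHP 5.4 or later.

```php
<?php
// logout.php - added example, not code from the thread.
// Assumes login.php called session_name('YourVisitID') as shown above.

const APP_SESSION_NAME = 'YourVisitID'; // must match login.php and loggedin.php

// Hypothetical helper: fully ends the session with the given name.
function end_session(string $name): void
{
    // Select the session the login page created. Without this call,
    // session_start() falls back to the default name (PHPSESSID) and
    // opens a new, empty session, leaving the real one untouched.
    session_name($name);
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start(); // session_destroy() warns if no session is active
    }

    // Drop the session data held in this request.
    $_SESSION = [];

    // Expire the browser cookie with the same path/domain/flags it was
    // set with, otherwise the browser keeps the old cookie.
    if (ini_get('session.use_cookies')) {
        $p = session_get_cookie_params();
        setcookie($name, '', time() - 42000,
            $p['path'], $p['domain'], $p['secure'], $p['httponly']);
    }

    // Remove the session storage on the server.
    session_destroy();
}

// Cookies and redirects are HTTP headers, so this must run before any
// output, including an included header.html.
end_session(APP_SESSION_NAME);
header('Location: index.php');
exit;
```

Every protected page has to call session_name() with the same value before session_start() as well, as loggedin.php above already does.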
