Destroying sessions...

Big_Ad

I'm trying to logout and destroy sessions which I earlier set when "logging-in" with a script I'm trying to make...

When a successful login is made, the following sessions are set:

$_SESSION['username'] = "$do_user";
$_SESSION['user_logged_in'] = "yes";

session_write_close();

But when I try to destroy these sessions, it just doesn't do it! Here's the code:

$_SESSION = array();
session_destroy();

Am I doing something wrong? I used to do a bit of coding a good while ago, but trying to get back into it so I suppose I am probably doing something wrong lol.

Any help is appreciated 🙂

crazychris

you probably just want to destroy the values in the session, so go:

$_SESSION=array();

Big_Ad

Well I already put that anyway.

Tried it again on it's own without session_destroy() and it still doesn't work...

crazychris

if you do a session_write_close(); before you clean/destroy the session, then it won't work as the variables are already saved, and the session cannot be edited until the next load.

Big_Ad

crazychris wrote:
if you do a session_write_close(); before you clean/destroy the session, then it won't work as the variables are already saved, and the session cannot be edited until the next load.

Ok.

But I done as you suggested, and it still doesn't log me out!?

crazychris

when logging out:

session_start()
$_SESSION=array();

that should do it.

Big_Ad

But session_start(); is already at the top of the page...where it should be?

Big_Ad

Hmm unless I'm doing something wrong?

Would this be ok for my "login" code then?

	$_SESSION['username'] = "$do_user";
	$_SESSION['user_logged_in'] = "yes";

session_write_close();

crazychris

don't use session_write_close(); unless you intend to header() redirect someone away, let the script run and the session will close itself. Once the session is closed, you can't update the variables, so don;t do it manually unless you need to.

Big_Ad

Ok this isn't working. I've tried changing the code, so see what you think (still not working - it will login, but not logout):

<?php

session_start();

if (!isset($_SESSION['user_logged_in']))
{
	$loggedin = "yes";
}
else
{
	$loggedin = "no";
}

require_once("../inc/vars.php");
require_once("../inc/conn.php");

if ($loggedin=="yes")
{
	print "You're already logged in, go to your <a href=\"cp.php\">admin panel</a><br>";
}
else
{

	if ($s=="1")
	{
?>
<form action="?s=2" method=post>
Username: <input type=text name=do_user size=30><br>
Password: <input type=password name=do_pass size=30><br>
<input type=submit name=submit value="next >>">
</form>
<?
		}
		elseif ($s=="2")
		{
			if ($do_user && $do_pass)
			{
				$query = "SELECT Password FROM $db_table_admin WHERE Username='$do_user'";

			$result = mysql_db_query($db_dbname, $query);
			$check  = mysql_fetch_array($result);

			$pass = md5($do_pass);

			if ($check[0]=="$pass")	
			{
				$_SESSION['username'] = "$do_user";
				$_SESSION['user_logged_in'] = "yes";

				session_write_close();

				print "Thank you $_SESSION[username], you are now logged in - please <a href=\"cp.php\">continue to your control panel</a><br>";
			}
			else
			{
				print "Invalid login";
			}
		}
		else
		{
			print "Please fill in both login fields";
		}
	}
	else
	{
?>
<form action="?s=2" method=post>
Username: <input type=text name=do_user size=30><br>
Password: <input type=password name=do_pass size=30><br>
<input type=submit name=submit value="next >>">
</form>
<?
		}
	}
?>

Control panel main page:

<?php

session_start();

if (!isset($_SESSION['user_logged_in']))
{
	$loggedin = "yes";
}
else
{
	$loggedin = "no";
}

require_once("../inc/vars.php");
require_once("../inc/conn.php");

if ($loggedin=="yes")
{	
	print "<b>Admin control panel</b> - <a href=\"logout.php\">click here to logout</a>";
}
else
{
	print "You are not logged in - please <a href=\"login.php?s=1\">click here</a>";
}

?>

Logout page:

<?php

session_start();

if (!isset($_SESSION['user_logged_in']))
{
	$loggedin = "yes";
}
else
{
	$loggedin = "no";
}

require_once("../inc/vars.php");
require_once("../inc/conn.php");

if ($loggedin=="yes")
{	

session_start();
$_SESSION = array();

	header("Location: login.php?s=1");
}
else
{
	print "You cant logout because your not <a href=\"login.php?s=1\">logged in</a>";
}

?>

I've tried doing as you said but it still doesn't work, any help would be appreciated, perhaps will be easier for you to see with all my code now.

Thanks.

samudasu

You're code is a little tough for me to follow. When you're logged in, the session variable "user_logged_in" is set. On the logout page your code says "if user_logged_in is not set then $loggedin equals yes". Do you see the problem? If user_logged_in is not set then there is no way that $logged in should equal yes.

The code below should get you logged out successfully.

<?php
session_start();
if (!isset($_SESSION['user_logged_in'])) {
    print "you're not logged in";
} else {
    $_SESSION = array();
    session_destroy();
    header('Location: login.php');
    exit();
}
?>