Hi all,

I'm here to check out something unexpected; "Unexpected" that is based on what I read about the funtion. And it returns an error message upon a reload, which is expected.
If there ar no errors, all works fine. If there are errors/s, please see below for more info:

I found the following code in my archives:

 echo 'Before: <pre>';
  print_r($_SESSION);
  echo '</pre>After: <pre> ';
  session_destroy();
  print_r($_SESSION);
  echo '</pre>';
}

The prose (not mine) with the snipped indicated the code above would echo the sessions array in the first echo, and show it empty in the second echo. But instead, it lists the same array and elements both times. It returns :

Array
(
[d] => 434-931-67
[e] => 2
[email] => nobody@spamcop.net
)

After:
Array
(
[d] => 434-931-67
[e] => 2
[email] => nobody@spamcop.net
)

If however, I use the ReLoad button the browser asks for permission to reload data and the the output becomes:

Notice: Undefined index: e in C:\xampp\htdocs\formcheck.php on line 35

Wrong Number of Dashes Entered SCRIPT HALTED: Please go back and try again <-------------- from the previous page, due to the Reload effort. It's a proper failure.

which is correct and the arrays conatin no data because the array is now empty , apparently from the session destroy statement. Without the sessoon destroy, all works as expected, INCLUDINGk using the browser's Reload or Back Button.

Somtehing not nice for a visitor to see of course!

Here's the PHP code from the page using the session destroy call:

<?php
session_start();

$x=$_POST['email2'];
// echo "<br /> Confirmation e-mail: ".$x."<br /><br />";

$y=$_SESSION['email'];
// echo "<br /> Original e-mail: ".$y."<br /><br />";

if($x==$y) {echo "E-mails matched. <br />";}
else {
echo "<br />"."NO MATCH! ";

// REMOVE FOR PRODUCTION
  echo 'Before: <pre>';
  print_r($_SESSION);
  echo '</pre>After: <pre> ';
  session_destroy();
  print_r($_SESSION);
  echo '</pre>';
die(" FORM HALTED!  You'll have to start over.  ");
}

/* REMOVE NEXT LINE FOR PRODUCTION */
// Print_r ($_SESSION);

?>

I don't think it's needed, but here is the preceding page that calls the page in question where the session destroy is located.

<?php
session_start();
header('Cache-Control: no-cache, no-store, must-revalidate'); //HTTP/1.1
header('Expires: Sun, 01 Jul 2005 00:00:00 GMT');
header('Pragma: no-cache'); //HTTP/1.0
echo " Please Continue: " ."<br />";

$_SESSION['email'] = $_POST['email'];



/* Set e-mail recipient"  */
$myemail  = "web-master@hcs-classof64.net";
echo "<br />"."My E-mail: ".$myemail."<br />";
// Verify the code is correct:
/* REMOVE COMMENT TAGS FOR PRODUCTION
 $code=($_POST['code']);
if ($code != $_SESSION["d"]) {
  die("The code was " . $_SESSION["d"] . " but nooooo, you had to enter something else! " . $code. " You'll have to try again with a new code.");
 }
*/

$name=($_POST['name']);

echo "Your Entered Name is: ".$name."<br />";
   $name    = stripslashes($_POST['name']);
/* validate the integer */
echo "Your stripped name is : " . "  " . $name,"<br />";
// Look for spaces to determine how many names were entered
 if (count(explode(' ', $name)) >2) {
 echo "You used too many names- use 1 or 2 names (only 0 or 1 space): "."<br />";
  die("Please go back and try again");
}
$dash=($_POST['dash']);
if ($dash != $_SESSION["e"]) { echo "Wrong Number of Dashes Entered ";
 die("SCRIPT HALTED: Please go back and try again");
}

// ================ NOW FOR EMAIL =========
$email=($_POST['email']);

if(filter_var($email, FILTER_VALIDATE_EMAIL) === FALSE)
        {
    /* if it fails validation */
        echo "$email is invalid";
        }else
        {
    /* if the address passes validation */
        echo "$email is valid";
}
echo "<br />"." The original address entered was ". $email . "<br />";
?>
<html>
<body>
<form action="formcheck2.php" method="post">
<br /><b>Please confirm your e-mail address:</b> <input type="text" name="email2" size="30" maxlength="40">

<p> <input type="submit" value="Submit E-mail">
</p>

</form>
</body>
</html>

<?php
$respond = $_POST['respond'];
echo "<br /><br />" . "Wants e-mail Response? " . $respond . "<br /><br />";
$comments=$_POST['comments'];
echo "comments"."<br />";
echo str_replace("/",$_POST['comments'],"");
  $comments= stripslashes($_POST['comments']);
echo $comments;
$ip=$_SERVER['REMOTE_ADDR'];
echo "<br /><br />" . "Your ip is: " . $_SERVER['REMOTE_ADDR'] . "<br

 />";

?>

On second thought, I guess the error won't be a problem since in production (not on my local server) errors won't show. I don't think<G>

TIA

Rivet`
TIA,

    Straight from the manual page for [man]session_destroy/man:

    PHP Manual wrote:

    It does not unset any of the global variables associated with the session, or unset the session cookie.

    EDIT: Note on that same manual page is an example that illustrates what you would need to do to immediately and completely eliminate all traces of a session.

      Unless I'm mistaken, session_destroy will just delete the file or data record on your server that contains the data belonging to a particular session.

      As for the error message you are getting when there is no session, this is because you are trying to look at data that no longer exists. When you use session_destroy, it gets rid of the file that defines all the array elements of the $SESSION variable. Because all of these elements are gone when you reload the page after destroying your session, you are getting an error because you are trying to check $SESSION["email"] which <i>does not exist</i>. You should probably check whether an array value exists before trying to use it using either [man]isset[/man] or [man]array_key_exists[/man].

        bradgrafelman;11029485 wrote:

        Straight from the manual page for [man]session_destroy/man:

        EDIT: Note on that same manual page is an example that illustrates what you would need to do to immediately and completely eliminate all traces of a session.

        I assume you're referring to the cookie destruction? It makes sense, but ... what cookies?
        Are these cookies on MY system? I don't create any cookies so I'm assuming these are cookies that get set on my own machine; is that correct?

        I think my real question is why the following code snippet doesn't work:

        echo 'Before: <pre>'; 
  print_r($_SESSION); 
  echo '</pre>After: <pre> '; <------- This shows the loaded array
  session_destroy();              <---------- This should destroy the session, but does not
  print_r($_SESSION);          <-------- And this also shows the loaded array
  echo '</pre>';

        Is that code crap, or what? SHOULD it work?

        TIA,
        Rivet`

          Rivet;11029525 wrote:

          I assume you're referring to the cookie destruction?

          That and the data that was originally loaded into the $_SESSION array before the session was destroyed.

          Rivet;11029525 wrote:

          what cookies?
          Are these cookies on MY system? I don't create any cookies so I'm assuming these are cookies that get set on my own machine; is that correct?

          The cookie (singular) that you're very likely using to propagate the session ID between page requests. See the PHP manual page [man]session.idpassing[/man] for more info.

          Rivet;11029525 wrote:

          I think my real question is why the following code snippet doesn't work:

          echo 'Before: <pre>'; 
  print_r($_SESSION); 
  echo '</pre>After: <pre> '; <------- This shows the loaded array
  session_destroy();              <---------- This should destroy the session, but does not
  print_r($_SESSION);          <-------- And this also shows the loaded array
  echo '</pre>';

          Is that code crap, or what? SHOULD it work?

          Two things about the code snippet that are incorrect:

          1. Yes, [man]session_destroy/man does what the manual claims it will do; namely, it "destroys all of the data associated with the current session." Any subsequent request that passes in the same session ID will be unable to access any of the data that had existed at the start of the page request during which you called session_destroy().

          2. Yes, printing $_SESSION out on the same request where you destroyed the session should still show the data that is cached in memory but has already been destroyed. After all, that's exactly what the PHP manual says will happen (as per the part I quoted above).

            OOF! Thanks; that's exactly how it was working.
            Your response has again been given a home in my PHP directory.

            Thanks for clarifying!

              Write a Reply...