question about sessions
Moderator: General Moderators
Re: question about sessions
Please answer his question. It is important.
-
beginner123
- Forum Commoner
- Posts: 70
- Joined: Fri Feb 24, 2012 9:56 am
Re: question about sessions
I am closing the tab and they are still logged in
Re: question about sessions
That's why it's important. The session remains open until the browser is closed. Just closing the tab does not end the session.beginner123 wrote:I am closing the tab and they are still logged in
-
beginner123
- Forum Commoner
- Posts: 70
- Joined: Fri Feb 24, 2012 9:56 am
Re: question about sessions
ok so how do i end the session? I have session_start(); in the sign in page and session_start(); session_destroy(); in the sign out page but it doesn't work
Re: question about sessions
As it says in the manual http://www.php.net/manual/en/function.s ... estroy.php,
PHP Manual wrote:session_destroy() destroys all of the data associated with the current session. It does not unset any of the global variables associated with the session, or unset the session cookie. To use the session variables again, session_start() has to be called.
In order to kill the session altogether, like to log the user out, the session id must also be unset. If a cookie is used to propagate the session id (default behavior), then the session cookie must be deleted. setcookie() may be used for that.
-
beginner123
- Forum Commoner
- Posts: 70
- Joined: Fri Feb 24, 2012 9:56 am
Re: question about sessions
ok so I added the code from the link you gave but it still doesn't log out when I close the browser tab. here all the code for the sign out page:
Code: Select all
<?php
// Initialize the session.
// If you are using session_name("something"), don't forget it now!
session_start();
// Unset all of the session variables.
$_SESSION = array();
// If it's desired to kill the session, also delete the session cookie.
// Note: This will destroy the session, and not just the session data!
if (ini_get("session.use_cookies")) {
$params = session_get_cookie_params();
setcookie(session_name(), '', time() - 42000,
$params["path"], $params["domain"],
$params["secure"], $params["httponly"]
);
}
// Finally, destroy the session.
session_destroy();
//signout.php
include 'connect.php';
include 'header.php';
echo '<h2>Sign out</h2>';
//check if user is signed in first
if($_SESSION['signed_in'] == true)
{
//all variables to null to sign out
$_SESSION['signed_in'] = NULL;
$_SESSION['userName'] = NULL;
$_SESSION['userID'] = NULL;
echo 'Succesfully signed out, thank you for visiting.';
}
else
{
echo 'You are not signed in. Would you <a href="signin.php">like to</a>?';
}
include 'footer.php';
?>
Re: question about sessions
Try
instead of
Code: Select all
unset($_SESSION);Code: Select all
//check if user is signed in first
if($_SESSION['signed_in'] == true)
{
//all variables to null to sign out
$_SESSION['signed_in'] = NULL;
$_SESSION['userName'] = NULL;
$_SESSION['userID'] = NULL;
echo 'Succesfully signed out, thank you for visiting.';
}
else
{
echo 'You are not signed in. Would you <a href="signin.php">like to</a>?';
}-
beginner123
- Forum Commoner
- Posts: 70
- Joined: Fri Feb 24, 2012 9:56 am
Re: question about sessions
no still won't work, I'm still signed in if i close the browser
Re: question about sessions
Then I guess you'll have to do some debugging. After your code that is supposed to kill the session, enter a debugging line to print out something like:
If nothing at all prints out on the screen, your script is not reaching that point, so you'll have to figure out why not. If it prints out "the user is:", but nothing else, then the session variables HAVE been destroyed, so you'll have to figure out why it's starting up again. If it prints out the user name, then you know that the variables have not been destroyed, although I can't see how that could happen. Let us know what happens.
Code: Select all
echo "the user is: $_SESSION['userName']";-
beginner123
- Forum Commoner
- Posts: 70
- Joined: Fri Feb 24, 2012 9:56 am
Re: question about sessions
the code you suggested gives an error: Parse error: syntax error, unexpected T_ENCAPSED_AND_WHITESPACE, expecting T_STRING or T_VARIABLE or T_NUM_STRING in C:\wamp\www\project\signout.php on line 22
so I tried this code instead:but that gave this message
Notice: Undefined index: userName in C:\wamp\www\project\signout.php on line 23
so I tried this code instead:
Code: Select all
echo 'the user is:' . $_SESSION['userName']; Notice: Undefined index: userName in C:\wamp\www\project\signout.php on line 23
Re: question about sessions
Sorry about the first error. I should have known that an array variable cannot be evaluated within a quoted string. The second error message provides valuable information: it is telling you that indeed the session variable for the userName is not defined, therefore it WAS destroyed. If you put exactly that same line just BEFORE the lines that destroyed the session, it should print out the userName value. Therefore, your task now is to examine the way you are displaying the userName, because this demonstrates that the user HAS been logged out, as far as the session variables are concerned, but your display script is using some variable, perhaps, that still contains the value.
-
beginner123
- Forum Commoner
- Posts: 70
- Joined: Fri Feb 24, 2012 9:56 am
Re: question about sessions
username is used a lot in my codes. I have a userbar that says hello 'username' which i notices now doesn't work since I put session_start(); in the sign in page. Should session_start() be somewhere else?
Re: question about sessions
session_start must be at the beginning of EVERY PHP script that needs to either read or write session variables.
So you need to review all your scripts that involve username (which may be all your scripts) and determine why you still show the username after the session variable has been killed.
So you need to review all your scripts that involve username (which may be all your scripts) and determine why you still show the username after the session variable has been killed.
-
beginner123
- Forum Commoner
- Posts: 70
- Joined: Fri Feb 24, 2012 9:56 am
Re: question about sessions
ok I added session_start to all the pages since they all need session variables and I have no idea why I'm still signed in. If session_destory is working I don't know why it still says hello 'usename' when i reopen the tab so its still not signing me out when the tab is closed.
Do I need to add something to session_start?as requinix said:
Store whatever information you need (like the username) in the session
Re: question about sessions
No, there's nothing to add to session_start(). Like califdon has already mentioned -- and you have already confirmed -- it appears that session data is being properly unset and that the username must also be stored somewhere else.