PHP Developers Network

A community of PHP developers offering assistance, advice, discussion, and friendship.
 
Loading
It is currently Tue Sep 25, 2018 1:04 pm

All times are UTC - 5 hours




Post new topic Reply to topic  [ 42 posts ]  Go to page Previous  1, 2, 3  Next
Author Message
PostPosted: Sun Mar 11, 2012 8:33 pm 
Offline
Jack of Zircons
User avatar

Joined: Thu Nov 09, 2006 9:30 pm
Posts: 4484
Location: California, USA
Please answer his question. It is important.


Top
 Profile  
 
PostPosted: Mon Mar 12, 2012 6:53 am 
Offline
Forum Commoner

Joined: Fri Feb 24, 2012 10:56 am
Posts: 70
I am closing the tab and they are still logged in


Top
 Profile  
 
PostPosted: Mon Mar 12, 2012 1:07 pm 
Offline
Jack of Zircons
User avatar

Joined: Thu Nov 09, 2006 9:30 pm
Posts: 4484
Location: California, USA
beginner123 wrote:
I am closing the tab and they are still logged in
That's why it's important. The session remains open until the browser is closed. Just closing the tab does not end the session.


Top
 Profile  
 
PostPosted: Mon Mar 12, 2012 2:21 pm 
Offline
Forum Commoner

Joined: Fri Feb 24, 2012 10:56 am
Posts: 70
ok so how do i end the session? I have session_start(); in the sign in page and session_start(); session_destroy(); in the sign out page but it doesn't work


Top
 Profile  
 
PostPosted: Mon Mar 12, 2012 2:33 pm 
Offline
Jack of Zircons
User avatar

Joined: Thu Nov 09, 2006 9:30 pm
Posts: 4484
Location: California, USA
As it says in the manual http://www.php.net/manual/en/function.session-destroy.php,
PHP Manual wrote:
session_destroy() destroys all of the data associated with the current session. It does not unset any of the global variables associated with the session, or unset the session cookie. To use the session variables again, session_start() has to be called.

In order to kill the session altogether, like to log the user out, the session id must also be unset. If a cookie is used to propagate the session id (default behavior), then the session cookie must be deleted. setcookie() may be used for that.


Top
 Profile  
 
PostPosted: Mon Mar 12, 2012 3:14 pm 
Offline
Forum Commoner

Joined: Fri Feb 24, 2012 10:56 am
Posts: 70
ok so I added the code from the link you gave but it still doesn't log out when I close the browser tab. here all the code for the sign out page:
Syntax: [ Download ] [ Hide ]
<?php  
// Initialize the session.
// If you are using session_name("something"), don't forget it now!
session_start();

// Unset all of the session variables.
$_SESSION = array();

// If it's desired to kill the session, also delete the session cookie.
// Note: This will destroy the session, and not just the session data!
if (ini_get("session.use_cookies")) {
    $params = session_get_cookie_params();
    setcookie(session_name(), '', time() - 42000,
        $params["path"], $params["domain"],
        $params["secure"], $params["httponly"]
    );
}

// Finally, destroy the session.
session_destroy();
       
//signout.php
include 'connect.php';
include 'header.php';

echo '<h2>Sign out</h2>';

//check if user is signed in first
if($_SESSION['signed_in'] == true)
{
        //all variables to null to sign out
        $_SESSION['signed_in'] = NULL;
        $_SESSION['userName'] = NULL;
        $_SESSION['userID']   = NULL;

        echo 'Succesfully signed out, thank you for visiting.';

}
else
{
        echo 'You are not signed in. Would you <a href="signin.php">like to</a>?';
}
include 'footer.php';


?>
 


Top
 Profile  
 
PostPosted: Mon Mar 12, 2012 3:24 pm 
Offline
Jack of Zircons
User avatar

Joined: Thu Nov 09, 2006 9:30 pm
Posts: 4484
Location: California, USA
Try
Syntax: [ Download ] [ Hide ]
unset($_SESSION);

instead of
Syntax: [ Download ] [ Hide ]
//check if user is signed in first
if($_SESSION['signed_in'] == true)
{
        //all variables to null to sign out
        $_SESSION['signed_in'] = NULL;
        $_SESSION['userName'] = NULL;
        $_SESSION['userID']   = NULL;

        echo 'Succesfully signed out, thank you for visiting.';

}
else
{
        echo 'You are not signed in. Would you <a href="signin.php">like to</a>?';
}


Top
 Profile  
 
PostPosted: Mon Mar 12, 2012 3:39 pm 
Offline
Forum Commoner

Joined: Fri Feb 24, 2012 10:56 am
Posts: 70
no still won't work, I'm still signed in if i close the browser


Top
 Profile  
 
PostPosted: Mon Mar 12, 2012 5:57 pm 
Offline
Jack of Zircons
User avatar

Joined: Thu Nov 09, 2006 9:30 pm
Posts: 4484
Location: California, USA
Then I guess you'll have to do some debugging. After your code that is supposed to kill the session, enter a debugging line to print out something like:
Syntax: [ Download ] [ Hide ]
echo "the user is: $_SESSION['userName']";

If nothing at all prints out on the screen, your script is not reaching that point, so you'll have to figure out why not. If it prints out "the user is:", but nothing else, then the session variables HAVE been destroyed, so you'll have to figure out why it's starting up again. If it prints out the user name, then you know that the variables have not been destroyed, although I can't see how that could happen. Let us know what happens.


Top
 Profile  
 
PostPosted: Tue Mar 13, 2012 11:40 am 
Offline
Forum Commoner

Joined: Fri Feb 24, 2012 10:56 am
Posts: 70
the code you suggested gives an error: Parse error: syntax error, unexpected T_ENCAPSED_AND_WHITESPACE, expecting T_STRING or T_VARIABLE or T_NUM_STRING in C:\wamp\www\project\signout.php on line 22

so I tried this code instead:
Syntax: [ Download ] [ Hide ]
echo 'the user is:' . $_SESSION['userName'];  
but that gave this message
Notice: Undefined index: userName in C:\wamp\www\project\signout.php on line 23


Top
 Profile  
 
PostPosted: Tue Mar 13, 2012 12:24 pm 
Offline
Jack of Zircons
User avatar

Joined: Thu Nov 09, 2006 9:30 pm
Posts: 4484
Location: California, USA
Sorry about the first error. I should have known that an array variable cannot be evaluated within a quoted string. The second error message provides valuable information: it is telling you that indeed the session variable for the userName is not defined, therefore it WAS destroyed. If you put exactly that same line just BEFORE the lines that destroyed the session, it should print out the userName value. Therefore, your task now is to examine the way you are displaying the userName, because this demonstrates that the user HAS been logged out, as far as the session variables are concerned, but your display script is using some variable, perhaps, that still contains the value.


Top
 Profile  
 
PostPosted: Tue Mar 13, 2012 12:41 pm 
Offline
Forum Commoner

Joined: Fri Feb 24, 2012 10:56 am
Posts: 70
username is used a lot in my codes. I have a userbar that says hello 'username' which i notices now doesn't work since I put session_start(); in the sign in page. Should session_start() be somewhere else?


Top
 Profile  
 
PostPosted: Tue Mar 13, 2012 1:11 pm 
Offline
Jack of Zircons
User avatar

Joined: Thu Nov 09, 2006 9:30 pm
Posts: 4484
Location: California, USA
session_start must be at the beginning of EVERY PHP script that needs to either read or write session variables.

So you need to review all your scripts that involve username (which may be all your scripts) and determine why you still show the username after the session variable has been killed.


Top
 Profile  
 
PostPosted: Tue Mar 13, 2012 2:09 pm 
Offline
Forum Commoner

Joined: Fri Feb 24, 2012 10:56 am
Posts: 70
ok I added session_start to all the pages since they all need session variables and I have no idea why I'm still signed in. If session_destory is working I don't know why it still says hello 'usename' when i reopen the tab so its still not signing me out when the tab is closed.
Quote:
as requinix said:
Store whatever information you need (like the username) in the session

Do I need to add something to session_start?


Top
 Profile  
 
PostPosted: Tue Mar 13, 2012 2:14 pm 
Offline
Moderator
User avatar

Joined: Tue Nov 09, 2010 3:39 pm
Posts: 6424
Location: Montreal, Canada
No, there's nothing to add to session_start(). Like califdon has already mentioned -- and you have already confirmed -- it appears that session data is being properly unset and that the username must also be stored somewhere else.

_________________
Supported PHP versions No longer supported versions


Top
 Profile  
 
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 42 posts ]  Go to page Previous  1, 2, 3  Next

All times are UTC - 5 hours


Who is online

Users browsing this forum: No registered users and 7 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Jump to:  
Powered by phpBB® Forum Software © phpBB Group