question about sessions

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

User avatar
califdon
Jack of Zircons
Posts: 4484
Joined: Thu Nov 09, 2006 8:30 pm
Location: California, USA

Re: question about sessions

Post by califdon »

Please answer his question. It is important.
beginner123
Forum Commoner
Posts: 70
Joined: Fri Feb 24, 2012 9:56 am

Re: question about sessions

Post by beginner123 »

I am closing the tab and they are still logged in
User avatar
califdon
Jack of Zircons
Posts: 4484
Joined: Thu Nov 09, 2006 8:30 pm
Location: California, USA

Re: question about sessions

Post by califdon »

beginner123 wrote:I am closing the tab and they are still logged in
That's why it's important. The session remains open until the browser is closed. Just closing the tab does not end the session.
beginner123
Forum Commoner
Posts: 70
Joined: Fri Feb 24, 2012 9:56 am

Re: question about sessions

Post by beginner123 »

ok so how do i end the session? I have session_start(); in the sign in page and session_start(); session_destroy(); in the sign out page but it doesn't work
User avatar
califdon
Jack of Zircons
Posts: 4484
Joined: Thu Nov 09, 2006 8:30 pm
Location: California, USA

Re: question about sessions

Post by califdon »

As it says in the manual http://www.php.net/manual/en/function.s ... estroy.php,
PHP Manual wrote:session_destroy() destroys all of the data associated with the current session. It does not unset any of the global variables associated with the session, or unset the session cookie. To use the session variables again, session_start() has to be called.

In order to kill the session altogether, like to log the user out, the session id must also be unset. If a cookie is used to propagate the session id (default behavior), then the session cookie must be deleted. setcookie() may be used for that.
beginner123
Forum Commoner
Posts: 70
Joined: Fri Feb 24, 2012 9:56 am

Re: question about sessions

Post by beginner123 »

ok so I added the code from the link you gave but it still doesn't log out when I close the browser tab. here all the code for the sign out page:

Code: Select all

<?php 	
// Initialize the session.
// If you are using session_name("something"), don't forget it now!
session_start();

// Unset all of the session variables.
$_SESSION = array();

// If it's desired to kill the session, also delete the session cookie.
// Note: This will destroy the session, and not just the session data!
if (ini_get("session.use_cookies")) {
    $params = session_get_cookie_params();
    setcookie(session_name(), '', time() - 42000,
        $params["path"], $params["domain"],
        $params["secure"], $params["httponly"]
    );
}

// Finally, destroy the session.
session_destroy();
	
//signout.php
include 'connect.php';
include 'header.php';

echo '<h2>Sign out</h2>';

//check if user is signed in first
if($_SESSION['signed_in'] == true)
{
	//all variables to null to sign out
	$_SESSION['signed_in'] = NULL;
	$_SESSION['userName'] = NULL;
	$_SESSION['userID']   = NULL;

	echo 'Succesfully signed out, thank you for visiting.';

}
else
{
	echo 'You are not signed in. Would you <a href="signin.php">like to</a>?';
}
include 'footer.php';


?>
User avatar
califdon
Jack of Zircons
Posts: 4484
Joined: Thu Nov 09, 2006 8:30 pm
Location: California, USA

Re: question about sessions

Post by califdon »

Try

Code: Select all

unset($_SESSION);
instead of

Code: Select all

//check if user is signed in first
if($_SESSION['signed_in'] == true)
{
        //all variables to null to sign out
        $_SESSION['signed_in'] = NULL;
        $_SESSION['userName'] = NULL;
        $_SESSION['userID']   = NULL;

        echo 'Succesfully signed out, thank you for visiting.';

}
else
{
        echo 'You are not signed in. Would you <a href="signin.php">like to</a>?';
}
beginner123
Forum Commoner
Posts: 70
Joined: Fri Feb 24, 2012 9:56 am

Re: question about sessions

Post by beginner123 »

no still won't work, I'm still signed in if i close the browser
User avatar
califdon
Jack of Zircons
Posts: 4484
Joined: Thu Nov 09, 2006 8:30 pm
Location: California, USA

Re: question about sessions

Post by califdon »

Then I guess you'll have to do some debugging. After your code that is supposed to kill the session, enter a debugging line to print out something like:

Code: Select all

echo "the user is: $_SESSION['userName']";
If nothing at all prints out on the screen, your script is not reaching that point, so you'll have to figure out why not. If it prints out "the user is:", but nothing else, then the session variables HAVE been destroyed, so you'll have to figure out why it's starting up again. If it prints out the user name, then you know that the variables have not been destroyed, although I can't see how that could happen. Let us know what happens.
beginner123
Forum Commoner
Posts: 70
Joined: Fri Feb 24, 2012 9:56 am

Re: question about sessions

Post by beginner123 »

the code you suggested gives an error: Parse error: syntax error, unexpected T_ENCAPSED_AND_WHITESPACE, expecting T_STRING or T_VARIABLE or T_NUM_STRING in C:\wamp\www\project\signout.php on line 22

so I tried this code instead:

Code: Select all

echo 'the user is:' . $_SESSION['userName'];  
but that gave this message
Notice: Undefined index: userName in C:\wamp\www\project\signout.php on line 23
User avatar
califdon
Jack of Zircons
Posts: 4484
Joined: Thu Nov 09, 2006 8:30 pm
Location: California, USA

Re: question about sessions

Post by califdon »

Sorry about the first error. I should have known that an array variable cannot be evaluated within a quoted string. The second error message provides valuable information: it is telling you that indeed the session variable for the userName is not defined, therefore it WAS destroyed. If you put exactly that same line just BEFORE the lines that destroyed the session, it should print out the userName value. Therefore, your task now is to examine the way you are displaying the userName, because this demonstrates that the user HAS been logged out, as far as the session variables are concerned, but your display script is using some variable, perhaps, that still contains the value.
beginner123
Forum Commoner
Posts: 70
Joined: Fri Feb 24, 2012 9:56 am

Re: question about sessions

Post by beginner123 »

username is used a lot in my codes. I have a userbar that says hello 'username' which i notices now doesn't work since I put session_start(); in the sign in page. Should session_start() be somewhere else?
User avatar
califdon
Jack of Zircons
Posts: 4484
Joined: Thu Nov 09, 2006 8:30 pm
Location: California, USA

Re: question about sessions

Post by califdon »

session_start must be at the beginning of EVERY PHP script that needs to either read or write session variables.

So you need to review all your scripts that involve username (which may be all your scripts) and determine why you still show the username after the session variable has been killed.
beginner123
Forum Commoner
Posts: 70
Joined: Fri Feb 24, 2012 9:56 am

Re: question about sessions

Post by beginner123 »

ok I added session_start to all the pages since they all need session variables and I have no idea why I'm still signed in. If session_destory is working I don't know why it still says hello 'usename' when i reopen the tab so its still not signing me out when the tab is closed.
as requinix said:
Store whatever information you need (like the username) in the session
Do I need to add something to session_start?
User avatar
Celauran
Moderator
Posts: 6427
Joined: Tue Nov 09, 2010 2:39 pm
Location: Montreal, Canada

Re: question about sessions

Post by Celauran »

No, there's nothing to add to session_start(). Like califdon has already mentioned -- and you have already confirmed -- it appears that session data is being properly unset and that the username must also be stored somewhere else.
Post Reply