Page 2 of 3
Re: question about sessions
Posted: Sun Mar 11, 2012 8:33 pm
by califdon
Please answer his question. It is important.
Re: question about sessions
Posted: Mon Mar 12, 2012 6:53 am
by beginner123
I am closing the tab and they are still logged in
Re: question about sessions
Posted: Mon Mar 12, 2012 1:07 pm
by califdon
beginner123 wrote:I am closing the tab and they are still logged in
That's why it's important. The session remains open until the browser is closed. Just closing the tab does not end the session.
Re: question about sessions
Posted: Mon Mar 12, 2012 2:21 pm
by beginner123
ok so how do i end the session? I have session_start(); in the sign in page and session_start(); session_destroy(); in the sign out page but it doesn't work
Re: question about sessions
Posted: Mon Mar 12, 2012 2:33 pm
by califdon
As it says in the manual
http://www.php.net/manual/en/function.s ... estroy.php,
PHP Manual wrote:session_destroy() destroys all of the data associated with the current session. It does not unset any of the global variables associated with the session, or unset the session cookie. To use the session variables again, session_start() has to be called.
In order to kill the session altogether, like to log the user out, the session id must also be unset. If a cookie is used to propagate the session id (default behavior), then the session cookie must be deleted. setcookie() may be used for that.
Re: question about sessions
Posted: Mon Mar 12, 2012 3:14 pm
by beginner123
ok so I added the code from the link you gave but it still doesn't log out when I close the browser tab. here all the code for the sign out page:
Code: Select all
<?php
// Initialize the session.
// If you are using session_name("something"), don't forget it now!
session_start();
// Unset all of the session variables.
$_SESSION = array();
// If it's desired to kill the session, also delete the session cookie.
// Note: This will destroy the session, and not just the session data!
if (ini_get("session.use_cookies")) {
$params = session_get_cookie_params();
setcookie(session_name(), '', time() - 42000,
$params["path"], $params["domain"],
$params["secure"], $params["httponly"]
);
}
// Finally, destroy the session.
session_destroy();
//signout.php
include 'connect.php';
include 'header.php';
echo '<h2>Sign out</h2>';
//check if user is signed in first
if($_SESSION['signed_in'] == true)
{
//all variables to null to sign out
$_SESSION['signed_in'] = NULL;
$_SESSION['userName'] = NULL;
$_SESSION['userID'] = NULL;
echo 'Succesfully signed out, thank you for visiting.';
}
else
{
echo 'You are not signed in. Would you <a href="signin.php">like to</a>?';
}
include 'footer.php';
?>
Re: question about sessions
Posted: Mon Mar 12, 2012 3:24 pm
by califdon
Try
instead of
Code: Select all
//check if user is signed in first
if($_SESSION['signed_in'] == true)
{
//all variables to null to sign out
$_SESSION['signed_in'] = NULL;
$_SESSION['userName'] = NULL;
$_SESSION['userID'] = NULL;
echo 'Succesfully signed out, thank you for visiting.';
}
else
{
echo 'You are not signed in. Would you <a href="signin.php">like to</a>?';
}
Re: question about sessions
Posted: Mon Mar 12, 2012 3:39 pm
by beginner123
no still won't work, I'm still signed in if i close the browser
Re: question about sessions
Posted: Mon Mar 12, 2012 5:57 pm
by califdon
Then I guess you'll have to do some debugging. After your code that is supposed to kill the session, enter a debugging line to print out something like:
Code: Select all
echo "the user is: $_SESSION['userName']";
If nothing at all prints out on the screen, your script is not reaching that point, so you'll have to figure out why not. If it prints out "the user is:", but nothing else, then the session variables HAVE been destroyed, so you'll have to figure out why it's starting up again. If it prints out the user name, then you know that the variables have not been destroyed, although I can't see how that could happen. Let us know what happens.
Re: question about sessions
Posted: Tue Mar 13, 2012 11:40 am
by beginner123
the code you suggested gives an error: Parse error: syntax error, unexpected T_ENCAPSED_AND_WHITESPACE, expecting T_STRING or T_VARIABLE or T_NUM_STRING in C:\wamp\www\project\signout.php on line 22
so I tried this code instead:
Code: Select all
echo 'the user is:' . $_SESSION['userName'];
but that gave this message
Notice: Undefined index: userName in C:\wamp\www\project\signout.php on line 23
Re: question about sessions
Posted: Tue Mar 13, 2012 12:24 pm
by califdon
Sorry about the first error. I should have known that an array variable cannot be evaluated within a quoted string. The second error message provides valuable information: it is telling you that indeed the session variable for the userName is not defined, therefore it WAS destroyed. If you put exactly that same line just BEFORE the lines that destroyed the session, it should print out the userName value. Therefore, your task now is to examine the way you are displaying the userName, because this demonstrates that the user HAS been logged out, as far as the session variables are concerned, but your display script is using some variable, perhaps, that still contains the value.
Re: question about sessions
Posted: Tue Mar 13, 2012 12:41 pm
by beginner123
username is used a lot in my codes. I have a userbar that says hello 'username' which i notices now doesn't work since I put session_start(); in the sign in page. Should session_start() be somewhere else?
Re: question about sessions
Posted: Tue Mar 13, 2012 1:11 pm
by califdon
session_start must be at the beginning of EVERY PHP script that needs to either read or write session variables.
So you need to review all your scripts that involve username (which may be all your scripts) and determine why you still show the username after the session variable has been killed.
Re: question about sessions
Posted: Tue Mar 13, 2012 2:09 pm
by beginner123
ok I added session_start to all the pages since they all need session variables and I have no idea why I'm still signed in. If session_destory is working I don't know why it still says hello 'usename' when i reopen the tab so its still not signing me out when the tab is closed.
as requinix said:
Store whatever information you need (like the username) in the session
Do I need to add something to session_start?
Re: question about sessions
Posted: Tue Mar 13, 2012 2:14 pm
by Celauran
No, there's nothing to add to session_start(). Like califdon has already mentioned -- and you have already confirmed -- it appears that session data is being properly unset and that the username must also be stored somewhere else.