How do you clear a session, within a *.inc file?

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

simonmlewis
DevNet Master
Posts: 4435
Joined: Wed Oct 08, 2008 3:39 pm
Location: United Kingdom
Contact:

How do you clear a session, within a *.inc file?

Post by simonmlewis »

This is partly related to another thread, but is a more direct question.

Within it's own file, and you clear and unset a session.
This simple form opens a session ID.
On submit, it posts to itself, and should in theory then unset the session id. But the value of $sessionid remains the session id. Why?

Code: Select all

<?php
$test=$_POST['test'];
if (isset($_SESSION["sessionid"])) 
{
$sessionid = $_SESSION["sessionid"];
}
else
{
$sessionid = session_id();
$_SESSION['sessionid'] = $sessionid;
}

if ($test != NULL)
{
unset($_SESSION['sessionid']);
}

echo "<form method='post' action='/test'>
<input type='text' name='test' value='$sessionid'>
<input type='submit'>
</form>";
?>
Love PHP. Love CSS. Love learning new tricks too.
All the best from the United Kingdom.
simonmlewis
DevNet Master
Posts: 4435
Joined: Wed Oct 08, 2008 3:39 pm
Location: United Kingdom
Contact:

Re: How do you clear a session, within a *.inc file?

Post by simonmlewis »

This is like a bug that won't go away.
I've even tried it in index.php

Code: Select all

if ($page == "register")
{
$update = isset($_POST['update']) ? $_POST['update'] : null;
if (!isset($update))
{
$_SESSION = array();
session_destroy();
}

if (isset($update))
{
if (isset($_SESSION["sessionid"]))
{
$sessionid = $_SESSION["sessionid"];
}
else
{
$sessionid = session_id();
$_SESSION['sessionid'] = $sessionid;
}
}
}
And if I echo the sessionid in my register file, it's ALWAYS the same sessionid number.

I've tried unset, destroy and array, why won't anything get rid of it? Or am I setting it wrong?
Love PHP. Love CSS. Love learning new tricks too.
All the best from the United Kingdom.
simonmlewis
DevNet Master
Posts: 4435
Joined: Wed Oct 08, 2008 3:39 pm
Location: United Kingdom
Contact:

Re: How do you clear a session, within a *.inc file?

Post by simonmlewis »

If I put that code at the end of my script, after the paid script runs, that shoudl then clear the session and start over.... it does. When I run as a new person submitting an entry, it uses the same Session ID yet again.
Love PHP. Love CSS. Love learning new tricks too.
All the best from the United Kingdom.
simonmlewis
DevNet Master
Posts: 4435
Joined: Wed Oct 08, 2008 3:39 pm
Location: United Kingdom
Contact:

Re: How do you clear a session, within a *.inc file?

Post by simonmlewis »

Even this, with the means to clear all sessions variables, and destroy the session and unset the session.
After I click Submit, the session id disappears from the button.
But if reload the test page, the same session ID appears in the button.

It's really bizarre.

Code: Select all

<?php
$test=$_POST['test'];

if (!isset($test))
{
if (isset($_SESSION["sessionid"])) 
{
$sessionid = $_SESSION["sessionid"];
}
else
{
$sessionid = session_id();
$_SESSION['sessionid'] = $sessionid;
}
}
if ($test != NULL)
{
unset($_SESSION['sessionid']);
$_SESSION = array();
session_destroy();
}

echo "<form method='post' action='/test'>
<input type='text' name='test' value='$sessionid'>
<input type='submit'>
</form>";
?>
Love PHP. Love CSS. Love learning new tricks too.
All the best from the United Kingdom.
simonmlewis
DevNet Master
Posts: 4435
Joined: Wed Oct 08, 2008 3:39 pm
Location: United Kingdom
Contact:

Re: How do you clear a session, within a *.inc file?

Post by simonmlewis »

Can this only be done vi a a*.php file?
Is that where I am going wrong. Trying to clear a session in an include test.inc file??
Love PHP. Love CSS. Love learning new tricks too.
All the best from the United Kingdom.
simonmlewis
DevNet Master
Posts: 4435
Joined: Wed Oct 08, 2008 3:39 pm
Location: United Kingdom
Contact:

Re: How do you clear a session, within a *.inc file?

Post by simonmlewis »

I'm now posting it all to a *.php file.
So when there is a success, it does all the email and DB stuff, then it's meant to clear the session and return.

It does return. But when I echo the current Session ID on screen, it's the same sessionid that was apparently just destoyed, cleared and unset.

Code: Select all

<?php
session_start();
include "dbconn.php"; 

if (isset($_SESSION["sessionid"])) 
{
$success = isset($_GET['success']) ? $_GET['success'] : null;
if (isset($success))
{
$sessionid = $_SESSION["sessionid"];
$id = isset($_GET['id']) ? $_GET['id'] : null;
}

if ($success == "po")
{
if ($id == $sessionid)
  {
  mysql_query("UPDATE register SET paid = 'po' WHERE sessionid = '$sessionid'") or die(mysql_error());
  
  $to = "test@hotmail.com";
  $subject =  "site Purchase Order Request";
  $headers = "From: info@site.com";
  $body = "Please submit a purchase order for the following:
Purchase Order (Session ID): $sessionid";     
        
  $result = mysql_query ("SELECT * FROM register WHERE sessionid = '$sessionid'");
while ($row = mysql_fetch_object($result))
{

if ($row->attending == "yes") 
{ 
$body .= "Leader attending: $row->attending";
}

$body .= "
    $row->title $row->firstname $row->lastname
    $row->telephone
    $row->mobiletelephone
    $row->email
    Company (if applicable): $row->company
    $row->address1
    $row->address2
    $row->town
    $row->postcode
    $row->country
    Special Needs (if applicable: $row->specialneeds
    Where did they hear about site: $row->wheredidyouhear
    $row->datebooked
    $row->dateofbooking
    -----------------";
}
mysql_free_result($result);
$body .= "

--------------------------------------------
";
        mail ($to, $subject, $body, $headers);  
        
session_unset();
session_destroy();
session_write_close();
session_regenerate_id(true);

  echo "
  <script>
  window.location.replace('/register_c&success=po')
  </script>";
   
   }
   else
   {
   echo "Sorry there is a problem with your request.  Please complete details again, or contact us.";
   }
}

if ($success == "yes")
  {
  if ($id == NULL)
  {
  mysql_query("UPDATE register SET paid = 'yes' WHERE sessionid = '$sessionid'") or die(mysql_error());
 
   
$to = "test@hotmail.com";
        $subject =  "site Booking";
        $headers = "From: info@site.com";
     $body = "";           
  $result = mysql_query ("SELECT * FROM register WHERE sessionid = '$sessionid' AND paid = 'yes'");
while ($row = mysql_fetch_object($result))
{
if ($row->attending == "yes") 
{ 
$body .= "Leader attending: $row->attending";
}

$body .= "
    $row->title $row->firstname $row->lastname
    $row->telephone
    $row->mobiletelephone
    $row->email
    Company (if applicable): $row->company
    $row->address1
    $row->address2
    $row->town
    $row->postcode
    $row->country
    Special Needs (if applicable: $row->specialneeds
    Where did they hear about site: $row->wheredidyouhear
    $row->datebooked
    $row->dateofbooking
    Paid: $row->paid
    -----------------";
}
mysql_free_result($result);
$body .= "

--------------------------------------------
";
        mail ($to, $subject, $body, $headers); 

         
$result = mysql_query ("SELECT * FROM register WHERE sessionid = '$sessionid' AND paid = 'yes'");
while ($row = mysql_fetch_object($result))
{
if ($row->attending == "Yes")
{
$attendingtext = "Information only for person registering person or persons.  Your invoice will be sent via PayPal, along with number of attendees and fees paid.";
}
else
{
$attendingtext = "";
}
$to = "$row->email";
$subject =  "site Booking";
$headers = "From: judith@site.com";
$body = "$attendingtext

Your Booking with site details shown below:

Booking ID: $row->sessionid
$row->title $row->firstname $row->lastname
Special Needs (if applicable): $row->specialneeds
$row->datebooked
$row->dateofbooking

-----------------
    
Kind regards
site.com";
mail ($to, $subject, $body, $headers); 
}
mysql_free_result($result);
        
session_unset();
session_destroy();
session_write_close();
session_regenerate_id(true);

   echo "<script>
  window.location.replace('/register_c&success=yes')
  </script>";
   }
   else
   {
   echo "Sorry there has been a problem with your request.  If you have made payment, please contact us to let us check it for you.  If you have yet to pay, please re-register.";
   }
  }
if ($success == "no")
  {
  mysql_query("DELETE FROM register WHERE sessionid = '$sessionid'");
session_unset();
session_destroy();
session_write_close();
session_regenerate_id(true);

  echo "<script>
  window.location.replace('/register_c&success=no')
  </script>";
  }
}
else
{
 echo "<script>
  window.location.replace('/')
  </script>";
}
?>
Love PHP. Love CSS. Love learning new tricks too.
All the best from the United Kingdom.
User avatar
Celauran
Moderator
Posts: 6427
Joined: Tue Nov 09, 2010 2:39 pm
Location: Montreal, Canada

Re: How do you clear a session, within a *.inc file?

Post by Celauran »

This is impossible to read because it's completely unformatted. Where are you setting $_SESSION['session']?
simonmlewis
DevNet Master
Posts: 4435
Joined: Wed Oct 08, 2008 3:39 pm
Location: United Kingdom
Contact:

Re: How do you clear a session, within a *.inc file?

Post by simonmlewis »

In the opening register.inc

Code: Select all

$update = isset($_POST['update']) ? $_POST['update'] : null;

  if (isset($_SESSION["sessionid"]) && isset($update)) 
  {
  $sessionid = $_SESSION["sessionid"];
  }
  else
  {
  $old_sessionid = session_id();
session_regenerate_id();
  $sessionid = session_id();
  }
the file before is register_complete.
Love PHP. Love CSS. Love learning new tricks too.
All the best from the United Kingdom.
simonmlewis
DevNet Master
Posts: 4435
Joined: Wed Oct 08, 2008 3:39 pm
Location: United Kingdom
Contact:

Re: How do you clear a session, within a *.inc file?

Post by simonmlewis »

Maybe I should explain how I have written it.
Users opens register.inc.
SessionID is created and assigned to $sessionid.
Completes their details. Hits "Next".
In the next page knows this is a "participant", thus completely a different form in the code.
Once this has all pass and they are ready to pay, they do so.
After payment, they reach either register_complete.inc or register_complete.php (have tried both to resolve this).

The database is updated.
The sessions are supposedly unset and destroyed, and they are taken to a "clean" page.

However, if I then go to Register again, and submit as a new person, $sessionid echoed on screen, remains the same as before.
Love PHP. Love CSS. Love learning new tricks too.
All the best from the United Kingdom.
User avatar
Celauran
Moderator
Posts: 6427
Joined: Tue Nov 09, 2010 2:39 pm
Location: Montreal, Canada

Re: How do you clear a session, within a *.inc file?

Post by Celauran »

And you're generating a new session ID in register.inc? It sounds like all that really matters is the randomly generated ID, which you could generate yourself any number of ways.
simonmlewis
DevNet Master
Posts: 4435
Joined: Wed Oct 08, 2008 3:39 pm
Location: United Kingdom
Contact:

Re: How do you clear a session, within a *.inc file?

Post by simonmlewis »

I am "trying" to, yes. But for some reason it keeps on using the same one.
I need to store it somehow. Either by a session, or a cookie. Prefer to do it with a session though.
Is it because I am specifically using the "sessionid" PHP code then?
Should I create it with:
$random = (rand()%99999999);
And assign that to "$usersession" ?
But thought this way was more "proper".
Love PHP. Love CSS. Love learning new tricks too.
All the best from the United Kingdom.
User avatar
Celauran
Moderator
Posts: 6427
Joined: Tue Nov 09, 2010 2:39 pm
Location: Montreal, Canada

Re: How do you clear a session, within a *.inc file?

Post by Celauran »

Your register.inc is something like this?

Code: Select all

<?php

session_start();
session_regenerate_id(true);
$_SESSION['sessionid'] = session_id();
User avatar
Celauran
Moderator
Posts: 6427
Joined: Tue Nov 09, 2010 2:39 pm
Location: Montreal, Canada

Re: How do you clear a session, within a *.inc file?

Post by Celauran »

I don't know that there's necessarily a 'proper'. You're trying to generate some random string to use as an identifier and that's really the extent of it, at least as I'm understanding it.

Code: Select all

$ident = md5(microtime());
It's not really random, and it's certainly not suitable for anything involving security, but if it's just for the sake of differentiating purchases or whatever, it's fine. You could also use UUIDs, which would be even better.

If I've somehow misunderstood how/why you're using session IDs, then disregard this whole post.
simonmlewis
DevNet Master
Posts: 4435
Joined: Wed Oct 08, 2008 3:39 pm
Location: United Kingdom
Contact:

Re: How do you clear a session, within a *.inc file?

Post by simonmlewis »

I didn't get to that other stage, as after your last message I tried it with Rand, and it worked.
I suspect the regeneration of the session ID script I did was wrong, but was so tired of it failing every time, I tried another option.

Thanks anyway. Got there in the end.
It's only to pass over a set of numbers, so that when they return from a payment, it knows it's them.
Out of interest, is there a way to make this generate alpha number, rather than just numberic?
$random = (rand()%99999999);
Love PHP. Love CSS. Love learning new tricks too.
All the best from the United Kingdom.
User avatar
Celauran
Moderator
Posts: 6427
Joined: Tue Nov 09, 2010 2:39 pm
Location: Montreal, Canada

Re: How do you clear a session, within a *.inc file?

Post by Celauran »

No. rand() generates a random integer. hashing microtime as I posted above will give you a mixed alphanumeric string. If you want something that can include all letters and numbers, you'd need to write it yourself. Wouldn't be hard, though, and there are a million examples online.
Post Reply