Page 1 of 2
How do you clear a session, within a *.inc file?
Posted: Thu Feb 26, 2015 2:25 pm
by simonmlewis
This is partly related to another thread, but is a more direct question.
Within it's own file, and you clear and unset a session.
This simple form opens a session ID.
On submit, it posts to itself, and should in theory then unset the session id. But the value of $sessionid remains the session id. Why?
Code: Select all
<?php
$test=$_POST['test'];
if (isset($_SESSION["sessionid"]))
{
$sessionid = $_SESSION["sessionid"];
}
else
{
$sessionid = session_id();
$_SESSION['sessionid'] = $sessionid;
}
if ($test != NULL)
{
unset($_SESSION['sessionid']);
}
echo "<form method='post' action='/test'>
<input type='text' name='test' value='$sessionid'>
<input type='submit'>
</form>";
?>
Re: How do you clear a session, within a *.inc file?
Posted: Thu Feb 26, 2015 4:12 pm
by simonmlewis
This is like a bug that won't go away.
I've even tried it in index.php
Code: Select all
if ($page == "register")
{
$update = isset($_POST['update']) ? $_POST['update'] : null;
if (!isset($update))
{
$_SESSION = array();
session_destroy();
}
if (isset($update))
{
if (isset($_SESSION["sessionid"]))
{
$sessionid = $_SESSION["sessionid"];
}
else
{
$sessionid = session_id();
$_SESSION['sessionid'] = $sessionid;
}
}
}
And if I echo the sessionid in my register file, it's ALWAYS the same sessionid number.
I've tried unset, destroy and array, why won't anything get rid of it? Or am I setting it wrong?
Re: How do you clear a session, within a *.inc file?
Posted: Fri Feb 27, 2015 2:48 am
by simonmlewis
If I put that code at the end of my script, after the paid script runs, that shoudl then clear the session and start over.... it does. When I run as a new person submitting an entry, it uses the same Session ID yet again.
Re: How do you clear a session, within a *.inc file?
Posted: Fri Feb 27, 2015 2:50 am
by simonmlewis
Even this, with the means to clear all sessions variables, and destroy the session and unset the session.
After I click Submit, the session id disappears from the button.
But if reload the test page, the same session ID appears in the button.
It's really bizarre.
Code: Select all
<?php
$test=$_POST['test'];
if (!isset($test))
{
if (isset($_SESSION["sessionid"]))
{
$sessionid = $_SESSION["sessionid"];
}
else
{
$sessionid = session_id();
$_SESSION['sessionid'] = $sessionid;
}
}
if ($test != NULL)
{
unset($_SESSION['sessionid']);
$_SESSION = array();
session_destroy();
}
echo "<form method='post' action='/test'>
<input type='text' name='test' value='$sessionid'>
<input type='submit'>
</form>";
?>
Re: How do you clear a session, within a *.inc file?
Posted: Fri Feb 27, 2015 3:01 am
by simonmlewis
Can this only be done vi a a*.php file?
Is that where I am going wrong. Trying to clear a session in an include test.inc file??
Re: How do you clear a session, within a *.inc file?
Posted: Fri Feb 27, 2015 3:40 am
by simonmlewis
I'm now posting it all to a *.php file.
So when there is a success, it does all the email and DB stuff, then it's meant to clear the session and return.
It does return. But when I echo the current Session ID on screen, it's the same sessionid that was apparently just destoyed, cleared and unset.
Code: Select all
<?php
session_start();
include "dbconn.php";
if (isset($_SESSION["sessionid"]))
{
$success = isset($_GET['success']) ? $_GET['success'] : null;
if (isset($success))
{
$sessionid = $_SESSION["sessionid"];
$id = isset($_GET['id']) ? $_GET['id'] : null;
}
if ($success == "po")
{
if ($id == $sessionid)
{
mysql_query("UPDATE register SET paid = 'po' WHERE sessionid = '$sessionid'") or die(mysql_error());
$to = "test@hotmail.com";
$subject = "site Purchase Order Request";
$headers = "From: info@site.com";
$body = "Please submit a purchase order for the following:
Purchase Order (Session ID): $sessionid";
$result = mysql_query ("SELECT * FROM register WHERE sessionid = '$sessionid'");
while ($row = mysql_fetch_object($result))
{
if ($row->attending == "yes")
{
$body .= "Leader attending: $row->attending";
}
$body .= "
$row->title $row->firstname $row->lastname
$row->telephone
$row->mobiletelephone
$row->email
Company (if applicable): $row->company
$row->address1
$row->address2
$row->town
$row->postcode
$row->country
Special Needs (if applicable: $row->specialneeds
Where did they hear about site: $row->wheredidyouhear
$row->datebooked
$row->dateofbooking
-----------------";
}
mysql_free_result($result);
$body .= "
--------------------------------------------
";
mail ($to, $subject, $body, $headers);
session_unset();
session_destroy();
session_write_close();
session_regenerate_id(true);
echo "
<script>
window.location.replace('/register_c&success=po')
</script>";
}
else
{
echo "Sorry there is a problem with your request. Please complete details again, or contact us.";
}
}
if ($success == "yes")
{
if ($id == NULL)
{
mysql_query("UPDATE register SET paid = 'yes' WHERE sessionid = '$sessionid'") or die(mysql_error());
$to = "test@hotmail.com";
$subject = "site Booking";
$headers = "From: info@site.com";
$body = "";
$result = mysql_query ("SELECT * FROM register WHERE sessionid = '$sessionid' AND paid = 'yes'");
while ($row = mysql_fetch_object($result))
{
if ($row->attending == "yes")
{
$body .= "Leader attending: $row->attending";
}
$body .= "
$row->title $row->firstname $row->lastname
$row->telephone
$row->mobiletelephone
$row->email
Company (if applicable): $row->company
$row->address1
$row->address2
$row->town
$row->postcode
$row->country
Special Needs (if applicable: $row->specialneeds
Where did they hear about site: $row->wheredidyouhear
$row->datebooked
$row->dateofbooking
Paid: $row->paid
-----------------";
}
mysql_free_result($result);
$body .= "
--------------------------------------------
";
mail ($to, $subject, $body, $headers);
$result = mysql_query ("SELECT * FROM register WHERE sessionid = '$sessionid' AND paid = 'yes'");
while ($row = mysql_fetch_object($result))
{
if ($row->attending == "Yes")
{
$attendingtext = "Information only for person registering person or persons. Your invoice will be sent via PayPal, along with number of attendees and fees paid.";
}
else
{
$attendingtext = "";
}
$to = "$row->email";
$subject = "site Booking";
$headers = "From: judith@site.com";
$body = "$attendingtext
Your Booking with site details shown below:
Booking ID: $row->sessionid
$row->title $row->firstname $row->lastname
Special Needs (if applicable): $row->specialneeds
$row->datebooked
$row->dateofbooking
-----------------
Kind regards
site.com";
mail ($to, $subject, $body, $headers);
}
mysql_free_result($result);
session_unset();
session_destroy();
session_write_close();
session_regenerate_id(true);
echo "<script>
window.location.replace('/register_c&success=yes')
</script>";
}
else
{
echo "Sorry there has been a problem with your request. If you have made payment, please contact us to let us check it for you. If you have yet to pay, please re-register.";
}
}
if ($success == "no")
{
mysql_query("DELETE FROM register WHERE sessionid = '$sessionid'");
session_unset();
session_destroy();
session_write_close();
session_regenerate_id(true);
echo "<script>
window.location.replace('/register_c&success=no')
</script>";
}
}
else
{
echo "<script>
window.location.replace('/')
</script>";
}
?>
Re: How do you clear a session, within a *.inc file?
Posted: Fri Feb 27, 2015 6:47 am
by Celauran
This is impossible to read because it's completely unformatted. Where are you setting $_SESSION['session']?
Re: How do you clear a session, within a *.inc file?
Posted: Fri Feb 27, 2015 6:48 am
by simonmlewis
In the opening register.inc
Code: Select all
$update = isset($_POST['update']) ? $_POST['update'] : null;
if (isset($_SESSION["sessionid"]) && isset($update))
{
$sessionid = $_SESSION["sessionid"];
}
else
{
$old_sessionid = session_id();
session_regenerate_id();
$sessionid = session_id();
}
the file before is register_complete.
Re: How do you clear a session, within a *.inc file?
Posted: Fri Feb 27, 2015 8:11 am
by simonmlewis
Maybe I should explain how I have written it.
Users opens register.inc.
SessionID is created and assigned to $sessionid.
Completes their details. Hits "Next".
In the next page knows this is a "participant", thus completely a different form in the code.
Once this has all pass and they are ready to pay, they do so.
After payment, they reach either register_complete.inc or register_complete.php (have tried both to resolve this).
The database is updated.
The sessions are supposedly unset and destroyed, and they are taken to a "clean" page.
However, if I then go to Register again, and submit as a new person, $sessionid echoed on screen, remains the same as before.
Re: How do you clear a session, within a *.inc file?
Posted: Fri Feb 27, 2015 8:26 am
by Celauran
And you're generating a new session ID in register.inc? It sounds like all that really matters is the randomly generated ID, which you could generate yourself any number of ways.
Re: How do you clear a session, within a *.inc file?
Posted: Fri Feb 27, 2015 8:32 am
by simonmlewis
I am "trying" to, yes. But for some reason it keeps on using the same one.
I need to store it somehow. Either by a session, or a cookie. Prefer to do it with a session though.
Is it because I am specifically using the "sessionid" PHP code then?
Should I create it with:
$random = (rand()%99999999);
And assign that to "$usersession" ?
But thought this way was more "proper".
Re: How do you clear a session, within a *.inc file?
Posted: Fri Feb 27, 2015 8:45 am
by Celauran
Your register.inc is something like this?
Code: Select all
<?php
session_start();
session_regenerate_id(true);
$_SESSION['sessionid'] = session_id();
Re: How do you clear a session, within a *.inc file?
Posted: Fri Feb 27, 2015 8:49 am
by Celauran
I don't know that there's necessarily a 'proper'. You're trying to generate some random string to use as an identifier and that's really the extent of it, at least as I'm understanding it.
It's not really random, and it's certainly not suitable for anything involving security, but if it's just for the sake of differentiating purchases or whatever, it's fine. You could also use UUIDs, which would be even better.
If I've somehow misunderstood how/why you're using session IDs, then disregard this whole post.
Re: How do you clear a session, within a *.inc file?
Posted: Fri Feb 27, 2015 8:59 am
by simonmlewis
I didn't get to that other stage, as after your last message I tried it with Rand, and it worked.
I suspect the regeneration of the session ID script I did was wrong, but was so tired of it failing every time, I tried another option.
Thanks anyway. Got there in the end.
It's only to pass over a set of numbers, so that when they return from a payment, it knows it's them.
Out of interest, is there a way to make this generate alpha number, rather than just numberic?
$random = (rand()%99999999);
Re: How do you clear a session, within a *.inc file?
Posted: Fri Feb 27, 2015 9:06 am
by Celauran
No.
rand() generates a random integer. hashing microtime as I posted above will give you a mixed alphanumeric string. If you want something that can include all letters and numbers, you'd need to write it yourself. Wouldn't be hard, though, and there are a million examples online.