Page 1 of 1

[SOLVED] session_unregister() will not work

Posted: Tue Jun 15, 2004 4:24 pm
by melindaSA
I have a problem the following code, the login works great, but the session_unregister will not work. If I do not close my browser after logging out of level_one, and then login using level_two, I still get the results for the level_one login.

Code: Select all

<?php


$target=$_SERVER["PHP_SELF"];
include("common.php");
if (isset($_SESSION['level'])) {
                if (isset($logout)){
                        session_unregister("level");
                }else{
                   echo"
                        <form name=form1 method=post action=assets/login.php>
                                <table border=0 cellspacing=0 cellpadding=0 class=content>
                                        <tr>
                                                <td >
                                                <input name=logout type=hidden value=logout>

                                                <input name=submit type=image src=logout.gif  border=0 >
                                                </td>
                                        </tr>
                                </table>
                        </form>";
                }
        } 
if (!isset($_SESSION['level'])) {
        if (isset($username)){
                $query = "SELECT level FROM users WHERE username='$username' AND password='$password'" or die("Wrong Password"); 
                $sql_results = mysql_query($query,$connection);
                        while ($row = mysql_fetch_array($sql_results)) {
                                $level = $row['level'];
                                        session_register("level");
                        }
        }
        if (isset($_SESSION['level'])) {
                   echo"
                        <form name=form1 method=post action=assets/login.php>
                                <table border=0 cellspacing=0 cellpadding=0 class=content>
                                        <tr>
                                                <td >
                                                <input name=logout type=hidden value=logout>

                                                <input name=submit type=image src=logout.gif  border=0 >
                                                </td>
                                        </tr>
                                </table>
                        </form>";
        }else{
                echo"
                        <form name=form1 method=post action=../page1_login.php>
                                <table border=0 cellspacing=0 cellpadding=0 class=content>
                                        <tr>
                                                <td>username:</td>
                                        </tr>
                                        <tr>
                                                <td><input type=text name=username class=form></td>
                                        </tr>
                                        <tr>
                                                <td>password:</td>
                                        </tr>
                                        <tr>
                                                <td><input type=text name=password class=form></td>
                                        </tr>
                                        <tr>
                                                <td align=right><input type=hidden value=1 name=reload>
                                                <input name=submit type=image src=go.gif  border=0 ></td>
                                        </tr>                                
                                </table>
                        </form>";
        }
} 

?>
I would really appreciate some help!
Thank you!

Posted: Tue Jun 15, 2004 4:25 pm
by markl999
You shouldn't mix $_SESSION with the session_* functions (apart from session_start, session_destroy).
Try using unset($_SESSION['level']) instead of session_unregister("level");

Posted: Tue Jun 15, 2004 4:28 pm
by melindaSA
Thanks for the quick reply!

I tried using unset($_SESSION['level']); and it still will not close the session....

Posted: Tue Jun 15, 2004 4:30 pm
by markl999
Well unless you have register_globals On (and you shouldn't, a phpinfo() page will tell you) you should be using $_POST['logout'] instead of $logout, same applies to the other form vars, like username and password.

Also, you can just destroy the entire session with session_destroy() rather than just unset the login session var.

Posted: Tue Jun 15, 2004 4:51 pm
by melindaSA
I will make sure that I use I use $_POST[] from now on...learn something new everyday! I tried $_POST['logout'] and session_destroy, and the session still will not close!!

Posted: Tue Jun 15, 2004 5:08 pm
by melindaSA
I got it working, by making a seperate logout page...

Code: Select all

<?php

// logout.php

// you must start session before destroying it
session_start();
session_destroy();

echo "You have been successfully logged out.

<br><br>
You will now be returned to the login page.

<META HTTP-EQUIV="refresh" content="2; URL=login.php"> ";


?>
Thank you!

Posted: Tue Jun 15, 2004 5:15 pm
by tim
call me picky, but i think the proper way is:

Code: Select all

<?php
session_start(); 
session_destroy(); 
$_SESSION = array(); 
?>

Posted: Tue Jun 15, 2004 5:17 pm
by melindaSA
OK! Thanks!

Posted: Tue Jun 15, 2004 6:38 pm
by Elessar
Found this at the php.net page:
Only This works with register_globals being 'ON'.

unset( $_SESSION['variable'] );

The above will not work with register_globals turned on (will only work outside of a function).

$variable = $_SESSION['variable'];
unset( $_SESSION['variable'], $variable );

The above will work with register_globals on & inside a function
So, if you have regiser_globals on, unset($_SESSION['variable') won't work. Might as well try $_SESSION['variable'] = '' instead

Posted: Tue Jun 15, 2004 6:53 pm
by John Cartwright
the best way to destroy a session is $_SESSION = array();

edit - oops tim already said this