Problem with destroying sessions


Post by iandunn

I have a login system set up and sometimes (but not always) the logout won't work. When it doesn't work, I've determined that $_COOKIE and $_SESSION are empty after the logout, but then it redirects to the home page and session_start() is called and $_SESSION is populated again. So it appears to have something to do with session cookies.

I call session_start() on every page. When someone logs in, $_SESSION['user_info'] is populated and persistent cookies are set with username/password. When they log out, I do $_SESSION = array(), session_destroy() and delete the persistent cookies.

Here is the relevant code.

Called on every page:

session_start();
	
	if(!isset($_SESSION['user_info']))
	{
		// If user has cookie set, use that info
		if(isset($_COOKIE['cookieUN']) && isset($_COOKIE['cookiePW']))
		    $_SESSION['id'] = login_username_password($_COOKIE['cookieUN'], $_COOKIE['cookiePW']);

		if(!isset($_SESSION['id']))
		{
			$_SESSION['id'] = 0;
			$_SESSION['username'] = 'ANONYMOUS';
			//echo 'New site user - set to ANONYMOUS';
		}
		else
		{
			if ((int)$_SESSION['id'] != 0)
			{
				$_SESSION['user_info'] = get_userinfo_by_id($_SESSION['id']);
				unset($_SESSION['id']);
				unset($_SESSION['username']);			
			}
		}
	}

Login function:

function login_store() {
		$username = trim($_POST['login_username']);
		$password = md5(trim($_POST['login_password']));
		
		// look up user and retrieve id
		$user_id = login_username_password($username, $password);
		
		if ($user_id != 0)
		{
			if(isset($_POST['remember']))
			{
				setcookie("cookieUN", $username, time()+60*60*24*100);
				setcookie("cookiePW", $password, time()+60*60*24*100);
			}
			
			$_SESSION['id'] = $user_id;
			if(isset($_SESSION['return_page']))
			{
				$temp = $_SESSION['return_page'];
				unset($_SESSION['return_page']);
				header("location: " . $temp);
			}
			else
				header("location: main_controller.php");
		}
		else
			header("location: main_controller.php?controller=store&action=login_page&error=2");
	}

Logout function:

function logout_store()
	{
		// Delete cookies
		if(isset($_COOKIE['cookieUN']) && isset($_COOKIE['cookiePW']))
		{
			setcookie("cookieUN", "", time()-60*60*24*100, "/");
			setcookie("cookiePW", "", time()-60*60*24*100, "/");
		}
		else
			die('bad');

		// Kill session
		$_SESSION = array();
		//if (isset($_COOKIE[session_name()]))
			//setcookie(session_name(), '', time()-42000, '/');
		//setcookie('PHPSESSID', '', time()-42000, '/');
		//session_destroy();

		@session_destroy();
		setcookie(session_name('PHPSESSID'), '', time()-42000,'/','.domain.com');
		setcookie(session_name('PHPSESSID'), '', time()-42000,'/','domain.com');
		setcookie(session_name('PHPSESSID'), '', time()-42000,'/','domain.com');
		setcookie(session_name('PHPSESSID'), '', time()-42000,'/');
		@session_destroy();
		
		header("location: main_controller.php");
	}

(the actual domain was changed to 'domain.com')
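
Added example, not part of the original post: a logout that expires every cookie with the same path and domain it was created with, since a browser only drops a cookie when name, domain and path all match. In the posted code the login sets cookieUN/cookiePW without a path (the cookie then gets the directory of the requesting URL as its path) while the logout expires them under "/". `REMEMBER_PATH` and `expire_cookie()` are hypothetical names, and the path value is an assumption that must equal what the login code passes.

```php
<?php
// Added example, not the poster's code.
// Assumption: login sets the remember-me cookies with this exact path, e.g.
//   setcookie("cookieUN", $username, time()+60*60*24*100, REMEMBER_PATH);
const REMEMBER_PATH = '/';

// Expire a cookie using the same path/domain it was created with.
// An empty domain means "host-only", which is what login produces when it
// passes no domain argument.
function expire_cookie(string $name, string $path, string $domain = ''): void
{
    setcookie($name, '', time() - 3600, $path, $domain);
    unset($_COOKIE[$name]);   // also hide it from the rest of this request
}

function logout_store(): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();      // the session must be open to be destroyed
    }

    // Remember-me cookies first: if they survive, the check that runs on
    // every page logs the user straight back in on the next request.
    expire_cookie('cookieUN', REMEMBER_PATH);
    expire_cookie('cookiePW', REMEMBER_PATH);

    // Read the session cookie's real attributes instead of guessing domains.
    $name   = session_name();             // no argument: read, do not rename
    $params = session_get_cookie_params();

    $_SESSION = array();                  // clear data held in this request
    if (ini_get('session.use_cookies')) {
        expire_cookie($name, $params['path'], $params['domain']);
    }
    session_destroy();                    // remove the server-side data

    header('Location: main_controller.php');
    exit;                                 // nothing else runs after redirect
}
```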