not destroying the session

wiggst3r
Forum Newbie
Posts: 10
Joined: Wed Apr 09, 2008 10:59 am

not destroying the session

Post by wiggst3r »

Hi

I have a site where users can log in to view some information.
When a user logs out and a new user signs up, the new user is able to view the previous user's information.
The session doesn't seem to be getting destroyed and I can't figure out why.

<?php
class Authentications_Model
{
    function Authentications_Model()
    {
        $this->session_id = session_id();
    }
    function get_session()
    {
        $fct_name = 'get_session';
        function_start($fct_name);
 
        $time = time();
 
        global $db;
 
        $ins_session_id = $db->quote_null_or_var($this->session_id);
        $ins_expiry_time= $db->quote_null_or_var($time);
 
        $sql = " SELECT * FROM sessions ".
               " WHERE session_id = $ins_session_id ".
               " AND expires > $ins_expiry_time ";
 
 
        $result = $db->db_query($sql);
        $rows = $db->db_num_rows($result);
        $rows?$row=$db->db_fetch($result):$row=false;
 
        if(!$row)
        {
            debug("there is no session for this user. They are not logged in, returning false");
        }
        else
        {
            debug("The user is logged in. The row is:");
            debug_row($row);
        }
        function_end($fct_name);
        return $row;
    }
    function update_session_time()
    {
        $fct_name = 'update_session_time';
        function_start($fct_name);
 
        $expiry_time = time() + MAX_LOGIN_TIME;
 
        global $db;
        $res = $db->update_row( 'sessions',
                                array('expires'=> $expiry_time),
                                array('session_id' => $this->session_id)
                              );
 
        function_end($fct_name);
        return $res;
    }
    function insert_login($user_name, $password)
    {
        $fct_name = 'insert_login';
        function_start($fct_name);
        global $db;
 
        $encrypted_password = encrypt_password($password);
 
        $ins_user_name = $db->quote_null_or_var($user_name);
        $ins_encrypted_password = $db->quote_null_or_var($encrypted_password);
 
        $sql =  " SELECT * FROM users " .
                " WHERE UPPER(user_name) = UPPER($ins_user_name) ".
                " AND password = $ins_encrypted_password ".
                " AND coach = '1' ";
 
        $res = $db->db_query($sql);
        $user_row = $db->db_fetch($res);
 
        if($user_row)
        {
            global $authentication;
            $authentication = $user_row;
 
            debug("correct username and password so now insert a session");
 
            $expires = time() + MAX_LOGIN_TIME;
 
            $insert = $db->insert_row( 'sessions',
                                       array('session_id' => $this->session_id,
                                       'user_id' => $user_row['id'],
                                       'expires' => $expires,
                                       'ip_address' => $_SERVER["REMOTE_ADDR"]
                                      )
                                );
            function_end($fct_name);
            return true;
        }
        else
        {
            function_end($fct_name);
            return false;
        }
    }
    function expire_login()
    {
        $fct_name = 'expire_login';
        function_start($fct_name);
        global $db;
        global $authentication;
 
        session_destroy();
        setcookie ("PHPSESSID", "", time()-60000);
 
        $expires = time() - 60;
        debug("set the logout time to be an hour ago [$expires]");
 
        $insert = $db->delete(    'sessions',
                                   array('user_id' => $authentication['id'])
                            );
 
        $authentication = false;
        function_end($fct_name);
    }
}
?>
 
All help is much appreciated
Christopher
Site Administrator
Posts: 13596
Joined: Wed Aug 25, 2004 7:54 pm
Location: New York, NY, US

Re: not destroying the session

Post by Christopher »

I am confused. Are you registering a DB session handler with session_set_save_handler() somewhere else? You are mixing database calls and calls to the PHP session library here...
(#10850)
wiggst3r
Forum Newbie
Posts: 10
Joined: Wed Apr 09, 2008 10:59 am

Re: not destroying the session

Post by wiggst3r »

The session gets saved into the db.
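
An added example, not code from the thread: one way to keep the `sessions` table row and the PHP session in step, so that login issues a fresh session ID and logout removes the row for the current ID, empties `$_SESSION` and expires the cookie with its original parameters. The PDO handle, the in-memory SQLite table, the function names and the `MAX_LOGIN_TIME` value are assumptions; the column names follow the post.

```php
<?php
// Added example, not the poster's code. Assumes PDO and the sessions table
// columns named in the post; MAX_LOGIN_TIME's value here is made up.
const MAX_LOGIN_TIME = 1800;

function login_session(PDO $db, int $userId): void
{
    session_regenerate_id(true); // fresh ID per login; old ID is discarded
    $db->prepare('INSERT INTO sessions (session_id, user_id, expires, ip_address)
                  VALUES (?, ?, ?, ?)')
       ->execute([session_id(), $userId, time() + MAX_LOGIN_TIME,
                  $_SERVER['REMOTE_ADDR'] ?? '']);
}

function logout_session(PDO $db): void
{
    // Delete the row for this session ID rather than relying on a global user row
    $db->prepare('DELETE FROM sessions WHERE session_id = ?')->execute([session_id()]);
    $_SESSION = []; // session_destroy() leaves this array populated
    if (ini_get('session.use_cookies')) {
        // Expire the cookie with the same name, path and domain it was issued with
        $p = session_get_cookie_params();
        setcookie(session_name(), '', time() - 42000,
                  $p['path'], $p['domain'], $p['secure'], $p['httponly']);
    }
    session_destroy();
}

function current_user_id(PDO $db): ?int
{
    $stmt = $db->prepare('SELECT user_id FROM sessions WHERE session_id = ? AND expires > ?');
    $stmt->execute([session_id(), time()]);
    $id = $stmt->fetchColumn();
    return $id === false ? null : (int) $id;
}

// Constructed demo: in-memory SQLite stands in for the real database
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE sessions (session_id TEXT, user_id INT, expires INT, ip_address TEXT)');
session_start();
login_session($db, 1);
$during = current_user_id($db);
logout_session($db);
session_start(); // simulates the next request (CLI: no cookie, so a new ID)
$after = current_user_id($db);
var_dump($during, $after);
```

The demo is meant for the PHP CLI with the `pdo_sqlite` extension enabled.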