Page 1 of 1

Why Can I not end a session

Posted: Wed May 06, 2009 10:32 pm
by simonslater
I understand the basic concept behind ending a session which is:

Code: Select all

 
session_start();
session_unset();
session_destroy();
 
The problem is, that this does not work. Why is this? here is the code I have so far:
 
function restricted($logout)
    {
        require_once('db_login.php');   
        if($logout=='logout'){
            echo "logout code here";
            session_start();
            session_unset();
            session_destroy();
            echo "session is".session_is_registered();
        }else{
    
                session_start();
            
            
            if (empty($_SESSION['user_id']))
            {
                if (!isset($_SERVER['PHP_AUTH_USER']) || !isset($_SERVER['PHP_AUTH_PW']))
                {
                    header('WWW-Authenticate: Basic realm="Member Area"');
                    header("HTTP/1.0 401 Unauthorized");
                    echo "You must enter a username and password.";
                    exit;
                }
        
            //connect to db
            vanstand_connect('localhost', 'Vstand', 'root', '');
        
            $web_username = mysql_real_escape_string($_SERVER['PHP_AUTH_USER']);
            $web_password = mysql_real_escape_string($_SERVER['PHP_AUTH_PW']);
        
        
            $query = "SELECT user_id, username";
            $query.= " FROM users WHERE ";
            $query.= "username='".$web_username."' AND password='".$web_password."' LIMIT 1";
            $result = mysql_query($query);
            if(!$result)
            {
                die("Cannot query: <br />".mysql_error());
            }
            if (!$result_row = mysql_fetch_array($result, MYSQL_ASSOC))
            {
                header('WWW-Authenticate: Basic realm="Member Area"');
                header("HTTP/1.0 401 Unauthorized");
                echo "Your username and password combination was incorrect.";
                exit;
            }
            $_SESSION['user_id'] = $result_row['user_id'];
            $_SESSION['username'] = $result_row['username'];
            
        }
        
            if (empty($_SESSION['user_id']))
            {
            echo "empty";
            }
        $value = $_SESSION['username'];
        setcookie("MoverCookie",$value);
        echo "Welcome <b>".$_SESSION['username'].'</b>.';
        mysql_close($connection);
        }
    }
 
The login in part works fine however destroying session does not. Any help on this seemingly simple matter would be terrific.

Thanks Simon Slater

Re: Why Can I not end a session

Posted: Wed May 06, 2009 11:34 pm
by John Cartwright
There are a few quirks making session_unset() and session_destroy() unreliable. Your best bet is to simply overwrite the session array, instead of eliminating the actual session.

Code: Select all

if($logout=='logout'){
   echo "logout code here";
   session_start();
   $_SESSION = array();
}else{
   //
}
And please use the proper in the future when posting please.