Jump to content


Check out our Community Blogs

Register and join over 40,000 other developers!


Recent Status Updates

View All Updates

Photo
- - - - -

Doesn't Session_Destroy() Do Just That?

sessions countdown session

  • Please log in to reply
6 replies to this topic

#1 brbcoding

brbcoding

    CC Regular

  • Member
  • PipPipPip
  • 33 posts
  • Location:Florida
  • Programming Language:Java, C#, PHP, Python, JavaScript, Ruby, PL/SQL
  • Learning:Perl, Ruby

Posted 27 July 2012 - 07:39 AM

So, I've basically got a registration system and login system etc... all done, working just fine. Logout is the part that isn't working like I think it should. I've got a link to "logout.php"... logout.php looks like this:

<?php
session_start();
session_destroy();
header("location:redirect.php");
?>

redirect.php is just a page that has a 5...4...3... etc.. countdown and redirect to login. I feel like this should be working, however, it doesn't seem to be 'destroying' the session. When I open 'Edit This Cookie' in Chrome, I can still see the PHPSESSID. What gives?
  • 0

#2 gregwarner

gregwarner

    Obi Wan of Programming

  • Expert Member
  • PipPipPipPipPipPipPip
  • 1586 posts
  • Location:Arkansas
  • Programming Language:C, Java, C++, C#, PHP, Transact-SQL

Posted 27 July 2012 - 08:08 AM

Check the documentation on session_destroy():
http://php.net/manua...ion-destroy.php

session_destroy() clears the session variables stored on the server side, not the client side. So the client's cookies will remain in the browser's cache. They will hold invalid data as far as the server is concerned, and a new session ID will be handed out next time the user logs into the site. However, if you want to totally erase the session variables on the client side as well as the server side, you'll need to additionally use setcookie() to clear the cookies in the user's browser.
  • 1

ti-99-sig.png
Hofstadter's Law: It always takes longer than you expect, even when you take into account Hofstadter's Law.
– Douglas Hofstadter, Gödel, Escher, Bach: An Eternal Golden Braid


#3 brbcoding

brbcoding

    CC Regular

  • Member
  • PipPipPip
  • 33 posts
  • Location:Florida
  • Programming Language:Java, C#, PHP, Python, JavaScript, Ruby, PL/SQL
  • Learning:Perl, Ruby

Posted 27 July 2012 - 08:14 AM

Check the documentation on session_destroy():
http://php.net/manua...ion-destroy.php

session_destroy() clears the session variables stored on the server side, not the client side. So the client's cookies will remain in the browser's cache. They will hold invalid data as far as the server is concerned, and a new session ID will be handed out next time the user logs into the site. However, if you want to totally erase the session variables on the client side as well as the server side, you'll need to additionally use setcookie() to clear the cookies in the user's browser.


Oh jeeze... DUH lol. I think I've been looking at this for way too long.
  • 0

#4 Irbis

Irbis

    CC Lurker

  • New Member
  • Pip
  • 6 posts
  • Programming Language:PHP, JavaScript, Transact-SQL

Posted 27 July 2012 - 11:29 AM

try somethig like this
if(isset($_SESSION['name'])) {
unset($_SESSION['name'];
session_destroy();
}
session_start();

  • 0

#5 brbcoding

brbcoding

    CC Regular

  • Member
  • PipPipPip
  • 33 posts
  • Location:Florida
  • Programming Language:Java, C#, PHP, Python, JavaScript, Ruby, PL/SQL
  • Learning:Perl, Ruby

Posted 27 July 2012 - 11:42 AM

What's the difference between doing that and what I did? I know it's just checking whether or not it is set... I initialize the session (just in case one isn't initialized), and then destroy it...
  • 0

#6 gregwarner

gregwarner

    Obi Wan of Programming

  • Expert Member
  • PipPipPipPipPipPipPip
  • 1586 posts
  • Location:Arkansas
  • Programming Language:C, Java, C++, C#, PHP, Transact-SQL

Posted 27 July 2012 - 12:32 PM

try somethig like this

if(isset($_SESSION['name'])) {
unset($_SESSION['name'];
session_destroy();
}
session_start();


Again, unset($_SESSION['name']) only affects session variables on the server side. @Cody's issue was with affecting variables on the client side. For that, you must use setcookie().
  • 0

ti-99-sig.png
Hofstadter's Law: It always takes longer than you expect, even when you take into account Hofstadter's Law.
– Douglas Hofstadter, Gödel, Escher, Bach: An Eternal Golden Braid


#7 brbcoding

brbcoding

    CC Regular

  • Member
  • PipPipPip
  • 33 posts
  • Location:Florida
  • Programming Language:Java, C#, PHP, Python, JavaScript, Ruby, PL/SQL
  • Learning:Perl, Ruby

Posted 27 July 2012 - 12:36 PM

Again, unset($_SESSION['name']) only affects session variables on the server side. @Cody's issue was with affecting variables on the client side. For that, you must use setcookie().


Yep... dropped my brain again I guess :P. You should have just told me 'hey dummy, php is server side'...
  • 0





Also tagged with one or more of these keywords: sessions, countdown, session

Recommended from our users: Dynamic Network Monitoring from WhatsUp Gold from IPSwitch. Free Download