Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

PHP $_SESSION variable will not unset

sorry for a repetitive question, I've seen a few of these on this forum but none of the responses worked for me...

I am building a basic login using php sessions, which I'm new at...

login.php validates html login form and begins a session, setting variables: $_SESSION['login'] and $_SESSION['id],

then each page that requires a valid login uses require 'session.php'; which checks the $_SESSION['valid'] variable and redirects a user w/o proper login variable. The problem is when I logout neither session variable I've set will unset.

Right now my logout.php file uses about every method to destroy the variables that I've been able to find online and none will actually do it.

So whenever I log out, I can still access the 'private' pages.

Also note: I have tried it w/o a session name ex: session_start(); that didn't work so now I'm using session_start("user");

Also note: I am NOT using cookies.

Here are the files I mentioned:


login.php


$email=$_POST['email-log']; $pass=$_POST['password-log'];

$i=-1;

do
{$i++; $path="users/".$i.".json";
$file=  file_get_contents($path);
$x=json_decode($file,true);
} while($x['email']!=$email);
$id=$i;
$truepass=$x['pass'];

$errors=0;
$hash=hash('sha256',$pass);
if($hash != $truepass){$errors=$errors+1;}

if($errors==0){
        session_start("user");
        $_SESSION['login']="valid";
        $_SESSION['id']=$id;

    header('Location: loginlanding.php');}

else{header('Location: front.php?error=y');}

session.php


session_start("user"); if($_SESSION['login'] !== "valid") {header('Location: front.php?needto=login');}

logout.php


unset($_SESSION); unset($_SESSION['login']); unset($_SESSION['id']); session_unset("user"); $_SESSION=array(); session_destroy("user"); header('Location: front.php?logged=out');

Any and all responses are welcome and I thank you in advance, also note, I am new to logins in general so any advice to beef up security is welcome also. I'm planning on making it more secure, but first I need to get this basic functionality up and running.

like image 767
B Rad C Avatar asked Nov 28 '22 04:11

B Rad C


1 Answers

You should never unset($_SESSION).

The easiest way to clear the $_SESSION variable is $_SESSION = Array();

However, you can also iterate with unset:

foreach(array_keys($_SESSION) as $k) unset($_SESSION[$k]);
like image 94
Niet the Dark Absol Avatar answered Dec 05 '22 00:12

Niet the Dark Absol