0

SO I have a logout button that links to a script called logout.php, standard stuff.

Logout.php at the minute looks like this:

<?php
session_start();
$sid = session_id();
echo $sid;

session_destroy();
session_unset();

session_start();
session_regenerate_id(true);
$sid = session_id();
echo $sid;
?>

This code coming from doing some research on the internet (and stack overflow) and after using the simple:

session_start();
session_destroy();

Didnt work.

So the current script produces this:

a920o3mmfhh7gldak4ki4nure5
Warning: session_destroy() [function.session-destroy]: Session object destruction failed in (File Path)p on line 7

Warning: session_regenerate_id() [function.session-regenerate-id]: Session object destruction failed in (File Path) on line 12
a920o3mmfhh7gldak4ki4nure5

Has session_destroy been depreciated? Because I looked on manual and it didn't say it had been and its usually up to date. If not, can anyone see why it can't destroy my session?

Bohdi
  • 1,295
  • 4
  • 28
  • 62

2 Answers2

1

Use this to log out:

session_start();
$_SESSION = array();

if (ini_get("session.use_cookies")) {
$params = session_get_cookie_params();
setcookie(session_name(), '', time() - 42000,
$params["path"], $params["domain"],
$params["secure"], $params["httponly"]
);
}
Nin
  • 2,960
  • 21
  • 30
  • This doesn't work, it simply give me another error: a920o3mmfhh7gldak4ki4nusg1 Warning: session_regenerate_id() [function.session-regenerate-id]: Session object destruction failed in (File Path) on line 7 a920o3mmfhh7gldak4ki4nusg1 – Bohdi Sep 05 '12 at 13:03
  • did you check your session.save_path in php.ini and checked if that had the right permission? – Nin Sep 05 '12 at 13:05
  • My server is ran by a third party company, I take it php.ini would be located there? – Bohdi Sep 05 '12 at 13:07
  • depends, but you can check with phpinfo(). It's most probably a server issue and so the third party should handle it. – Nin Sep 05 '12 at 13:11
  • I rant it and it tells me where the session save path is, but if i didn't have the right permission, wouldn't that stop me from creating a session as well? – Bohdi Sep 05 '12 at 13:32
  • yes, and probably your session isn't created right. Did you test if it was? – Nin Sep 05 '12 at 13:39
  • I can display a session id, and the 'login' system works and seems to be dependant on a session variable called 'loggedin'. But how do I test if its created properly? – Bohdi Sep 05 '12 at 14:05
  • let us [continue this discussion in chat](http://chat.stackoverflow.com/rooms/16305/discussion-between-nin-and-objectivej) – Nin Sep 05 '12 at 14:10
  • THIS! only thing that works perfectly, session_destroy(); refuses to work, thanks so much Nin. – Bohdi Sep 05 '12 at 15:16
0
if(isset($_SESSION)){
   unset($_SESSION);
 }
nick
  • 2,743
  • 4
  • 31
  • 39
  • that gives no error but does not destroy the session, user is still logged in – Bohdi Sep 05 '12 at 13:36
  • 1
    If the global `$_SESSION` is destroyed.. how can you tell the user is still logged in? – nick Sep 05 '12 at 13:43
  • I'm maybe being stupid, but because one I execute that script, if the session is destroyed then when I try and point to index.php i should be redirected to login.php, as it works before I log in. But it allows me to freely roam the website, without redirecting. Again sorry if im missing something. – Bohdi Sep 05 '12 at 14:03