Can't logout mysql and php

Question

I have created a login/logout system in my application but it's not working even using session_start();, session_destroy(); and session_unset (); etc.

Here is what I have done so far:

the first page (login)

<?php
    if(
    !isset($_SERVER['PHP_AUTH_USER'])||
    !isset($_SERVER['PHP_AUTH_PW'])||
    ($_SERVER['PHP_AUTH_USER'])!="admin"||
    ($_SERVER['PHP_AUTH_PW']!="admin")
     )
{
header('WWW-Authenticate: Basic realm="Accès refusé"');
echo 'Accès refusé';
exit;
}
else
session_start (); 
$_SESSION['PHP_AUTH_USER'] = "admin"; 
$_SESSION['PHP_AUTH_PW'] = "admin"; 
echo '

and this is the logout part

<?php

session_start();
session_unset ();
session_destroy(); 
header("Location: index.php");
die;    
?>

The problem is that the session is not destroyed, even when clicking the logout button.

That should be `if{` not `if(`, followed by `}` and not `)` etc. Plus you need `session_start();` in every page. — Funk Forty Niner, Jun 20 '13 at 23:41
I have session_start() in every page + it's if(condition) {} this is how i work all the time — user2507171, Jun 20 '13 at 23:45
Your **"style"** is very confusing, even if it does work for you. — Funk Forty Niner, Jun 20 '13 at 23:48
Yes I saw that, however, `session_start();`, is usually at the **top** of the page, not tucked down below in an `else`. Probably why it's getting destroyed. — Funk Forty Niner, Jun 20 '13 at 23:49
it's after the (else) because in my case or to put it right the condition i begin with is if there is not login or password or if they are wrong in this case nothing must happens but in the other case a session should start and a member page shows out (after the echo) — user2507171, Jun 20 '13 at 23:54
@Fred - his if contains functional syntax, just looks odd the way it is displayed here. — Kai Qing, Jun 20 '13 at 23:55
@KaiQing **Odd** indeed. Oh well, I guess it's kind of like being a pharmacist, and having to read a new doctor's handwriting ;-) — Funk Forty Niner, Jun 20 '13 at 23:56
@user2507171 Is there anything else below `echo '` in your first body of posted code? May be irrelevant, just on a *need-to-know basis* — Funk Forty Niner, Jun 21 '13 at 00:09
below echo there is the code of the page (member) all in html — user2507171, Jun 21 '13 at 00:10
@user2507171 Ok, so it's not part of the problem then. Ok... *back to the 'ol drawing board*. — Funk Forty Niner, Jun 21 '13 at 00:12
@user2507171 Have you tried `exit;` instead of `die;` or even removing it altogether? — Funk Forty Niner, Jun 21 '13 at 00:14
I guess that what shoud I do is to unset PHP_AUTH_USER variables but how I don't know, I have tried this PHP_AUTH_USER=null; PHP_AUTH_USER=""; but still same issue — user2507171, Jun 21 '13 at 00:18
*baffled*. Maybe something to do with your `.htaccess` and/or `php.ini`? — Funk Forty Niner, Jun 21 '13 at 00:18
Taken from the PHP manual: "If you want to change the session id on each log in, make sure to use `session_regenerate_id(true)` during the log in process." Not sure if it will be of use. — Funk Forty Niner, Jun 21 '13 at 00:22
Found this: "`$_SESSION = array();` after calling `session_destroy();`" — Funk Forty Niner, Jun 21 '13 at 00:24
@user2507171 Those infos above were found at http://php.net/manual/en/function.session-destroy.php and http://stackoverflow.com/a/9971669/1415724 - might be some info in there you can use. — Funk Forty Niner, Jun 21 '13 at 00:25
@user2507171 Btw, did you say that you tried putting `session_start();` "also" at the **top** of the login page, while keeping the other one intact and it didn't work? — Funk Forty Niner, Jun 21 '13 at 00:38

score 1 · Accepted Answer · edited May 23 '17 at 12:21

1

You are using http authentication
Cookies and Sessions does not have any influence on http authentication
"No correct way exists" to logout.

Create another login/logout system, it's not hard.

edited May 23 '17 at 12:21

Community

1
1

answered Jun 21 '13 at 00:43

sectus

15,605
5
55
97

Is it going to change anything if I use another browser ? – user2507171 Jun 21 '13 at 00:52
@user2507171, yes, You will be able to handle auth with cookies and sessions. – sectus Jun 21 '13 at 00:54
Might change it if you use another browser sure, but it still doesn't fix the "existing" issue at hand. What if someone uses the same you're using now? – Funk Forty Niner Jun 21 '13 at 01:02
@user2507171 Have a look at http://stackoverflow.com/a/12866277/1415724 and http://stackoverflow.com/a/3490680/1415724 – Funk Forty Niner Jun 21 '13 at 01:04
I didn't even notice that. – AbsoluteƵERØ Jun 21 '13 at 01:58

Can't logout mysql and php

1 Answers1