0

I am facing a problem today with the phpCas library https://wiki.jasig.org/display/CASC/phpCAS.

Problem is the following, when I try to use some logout function, I got the message 

Warning: session_destroy(): Trying to destroy uninitialized session

After giving a quick look into the phpCas's library code, I manage to figure out where the problem comes from, here is a snippet of a logout function : 

session_write_close();
header('Location: '.$cas_url);
phpCAS::trace("Prepare redirect to : ".$cas_url);
session_unset();
session_destroy();

The problem there it seems is that session_write_close() actually close the session then session_destroy() can't work.

Tried to put the session_write_close() in comment and worked like a charm but it leads to two questions :

  • Is the problem really coming from there? Or should it work?

  • If the problem do really come from there, why is it there and nobody complaining? Thought phpCas was a reknown library used by many.

MisterJ
  • 919
  • 1
  • 9
  • 24

3 Answers3

1

Sounds like you checked out the master branch (2af859ff76) - just checked and it does have an error in it. You should:

  • Check out one of the release branches, like 1.3-stable
  • Log this bug with the author
PatL
  • 101
  • 4
  • Thank you very much. Thought it could be a bug from their code at the first place, and then the fact that last update was at least a month ago and nobody complaining made me thing I should be wrong. I thought phpCas was a bit more popular. – MisterJ Jul 12 '13 at 06:57
0

As the manual suggests that "session_write_close — Write session data and end session" So you are getting fair warning. as Session has been closed already.

FYI

Rohit Choudhary
  • 2,253
  • 1
  • 23
  • 34
0

you need session_start(); before you can destroy it

also header("Location ...) is sending out headers so you can't close the session afterwards. do the redirect after closing the session

lePunk
  • 523
  • 3
  • 10