Destroy session in php

Question

i ve seen so many questions about this and im still having problems with that... can someone give me a help?

login page :

<?PHP
    header("Content-Type: text/html; charset=utf-8");
    $login = "root";
    $senha = "test";
    session_start();
    session_set_cookie_params(0);

    if ($_POST['login'] && $_POST['senha']) {
        if ($login == $_POST['login'] && $senha == $_POST['senha']) {

        $_SESSION['login'] = $login;
        $_SESSION['senha'] = $senha;
        Header("Location: index.php");

        } else {
            unset ($_SESSION['login']);
            unset ($_SESSION['senha']);
            header("Location: login.php");
        }
    }
?>

logout page :

<?php
    session_start();

    $_SESSION = array();

    unset( $_SESSION['login'] );
    unset( $_SESSION['senha'] );
    setcookie(session_name(), '', time() - 3600, '/');
    session_destroy();

    Header("Location: login.php");

    exit();
?>

im getting this error:

PHP Warning:  session_destroy(): Session object destruction failed in \\N\Users\cPanel\gil\public_html\gilberto\logout.php on line 11

please refer http://stackoverflow.com/questions/3512507/proper-way-to-logout-from-a-session-in-php. — Bhavesh G, Jan 20 '14 at 12:04

score 0 · Answer 1 · answered Jan 20 '14 at 11:56

0

You don't have to make $_SESSION = array();

Just use session_destroy() like said here : http://www.php.net/manual/fr/function.session-destroy.php

answered Jan 20 '14 at 11:56

David Ansermot

6,052
8
47
82

even if i take that out, it doesnt work! – ledesma Jan 20 '14 at 13:25
@mArm.ch If you safely want to destroy a session you have to unset the superglobal and any related cookies manually, that's also what the documentation says: _"It does not unset any of the global variables associated with the session, or unset the session cookie."_ – Lars Beck Jan 20 '14 at 14:47
Whoops. Not very up today. – David Ansermot Jan 20 '14 at 15:15

score 0 · Answer 2 · answered Jan 20 '14 at 11:59

Here is a function i use to logout:

function logout(){

    $cookies = explode(';', $_SERVER['HTTP_COOKIE']);
    foreach($cookies as $cookie) {
        $parts = explode('=', $cookie);
        $name = trim($parts[0]);

        if(strtoupper($name) == 'PHPSESSID'){
            continue;
        }

        setcookie($name, '', time()-360000);
        setcookie($name, '', time()-360000, '/');
    }

    foreach($_SESSION as $key => $val){
        unset($_SESSION[$key]);
    }

    header('Location: account/login');
    die;
}

score 0 · Accepted Answer · answered Jan 20 '14 at 12:00

0

This is my usual approach, see the comments for further details.

session_start();

// 1. unset all of the session variables
$_SESSION = array();

// 2. delete the session cookie
if ( ini_get( 'session.use_cookies' ) ) {
    $params = session_get_cookie_params();
    setcookie( session_name(), '', ( time() - 42000 ), $params['path'], $params['domain'], $params['secure'], $params['httponly'] );
}

// 3. destroy the session.
session_destroy();

answered Jan 20 '14 at 12:00

Lars Beck

3,446
2
22
23

i tried that and it didnt work... i dont know if it can be a problem with my server, because ive tried all the options so far – ledesma Jan 20 '14 at 13:26
ive hosted the page in another server and it did work... so it may be a problem with my server.. thanks a lot mate... – ledesma Jan 20 '14 at 14:00

Destroy session in php

3 Answers3

Linked