0

I've read several topics like:

Error — session_destroy() — Trying to destroy uninitialized session, Warning: session_destroy(): Trying to destroy uninitialized session, Warning: session_destroy(): Trying to destroy uninitialized session with phpCas

And none of them help me.

public function forbidden(){
    if(!isset($_SESSION)){ session_start(); }

    if(!isset($_SESSION['email']) || !isset($_SESSION['id'])){
        $this->error_404();
    }else{

        if(!isset($_COOKIE['data'])){
            session_destroy();
            $this->error_404();
        }

        if($_COOKIE['data'] != sha1($_SESSION['email'])){
            session_destroy();
            unset($_COOKIE["data"]);
            setcookie("data", false, time() - 3600, '/');
            $this->error_404();
        }
    }
}

Warning: session_destroy() [function.session-destroy]: Trying to destroy uninitialized session

I do receive that error on the second session_destroy();, the session is initialized so I don't get it?

Community
  • 1
  • 1
user3243925
  • 271
  • 2
  • 4
  • 12

3 Answers3

0

You're calling session_destroy() twice.

If your cookie isn't set, then it won't equal $_SESSION['email'] will it?

Change your code to:

public function forbidden(){
    if(!isset($_SESSION)){ session_start(); }

    if(!isset($_SESSION['email']) || !isset($_SESSION['id'])){
        $this->error_404();
    }else{

        if(!isset($_COOKIE['data'])){
            session_destroy();
            $this->error_404();
        } elseif($_COOKIE['data'] != sha1($_SESSION['email'])){
            session_destroy();
            unset($_COOKIE["data"]);
            setcookie("data", false, time() - 3600, '/');
            $this->error_404();
        }
    }
}
TRiG
  • 10,148
  • 7
  • 57
  • 107
Styphon
  • 10,304
  • 9
  • 52
  • 86
  • I've changed totally the code to what you've told me and I keep receiving the same error in the same line (in the second `session_destory()`). – user3243925 Jan 31 '14 at 09:51
0

Read This Answers of this question on stackoverflow
why session destroy not working
put this code in first and End of Your php File

<?php
ob_start();
?>
Your Code Here...
<?php
ob_flush();
?>


Your calling session_destroy() twice.
Or Removed All Sessions on server...

Community
  • 1
  • 1
  • 1
    I actually use that function in my files but I forgot to use in this file. It solved. Thanks. – user3243925 Jan 31 '14 at 10:05
  • I'm thank . i write this on community wiki mode.And your Accept not give rank for me . please voet this Later... ;) –  Jan 31 '14 at 11:12
0

The problem is that you call session destroy twice. If $_COOKIE['data'] is not set, then $_COOKIE['data'] != sha1($_SESSION['email']) will return false as well and it will try to destroy the session again.

    if(!isset($_COOKIE['data'])){
        session_destroy();
        $this->error_404();
    }

    if($_COOKIE['data'] != sha1($_SESSION['email'])){
        session_destroy();
        unset($_COOKIE["data"]);
        setcookie("data", false, time() - 3600, '/');
        $this->error_404();
    }

Make the checks on in another

     if($_COOKIE['data'] != sha1($_SESSION['email'])){
        if(!isset($_COOKIE['data'])){
        session_destroy();
        $this->error_404();
        }
        else
        {
        unset($_COOKIE["data"]);
        setcookie("data", false, time() - 3600, '/');
        session_destroy();
        $this->error_404();
        }
    }

If the cookie data is not valid, it may be because there is no cookie. This way, if it's not valid, it checks if it exists. If it does exist and it's not valid, it does something. If it doesn't, it does something else.

TRiG
  • 10,148
  • 7
  • 57
  • 107
Arrok
  • 116
  • 5