Making empty the sesssion value rather than destroy_session()

Question

below is my PHP routine for using SESSION functionality. I have three webpage by name login.php, homepage.php,logout.php. while I enter the correct password and username in my login.php page, it redirects me to homepage.php. In homepage.php, it contains a logout link. while I clicked that logout link, it redirects me to login.php. these fucntion work absolute as what I expect. but my problem now is while I open homepage.php alone, it should redirect me to login.php. but it opens the homepage.php. I need a exact condition for homepage.php to only open homepage.php while submitting correct data in login.php. otherwise while I open homepage.php directly, it should redirect me to login.php. but the main thing is I do not need to destroy session but I can empty my session value as

$_SESSION['sumthing'] == '';

hope you understand my problem. thanks in advance.

Login page

<?php 
    include("includes/config.php");
    if ($_POST['frmSubmit']) {
        $strUserData = doSelectUserDetails($_POST);
        if($strUserData) {
            $_SESSION['SESS_UserId'] = $strUserData['user_id'];
            $_SESSION['SESS_UserName'] = $strUserData['user_name'];
            session_write_close();
            header('Location: homepage.php');
        } else {
            $strMessage = 'User Name or Password is Incorrect!';                                                                    
            $strClass = 'Error';
        }   
    }

?>

Home page

<?php
    include("includes/config.php");
    if((!isset($_SESSION['SESS_UserId'])) || (($_SESSION['SESS_UserId']) == '')) {
        header("location: login.php");
        exit;
    }
?>

Logout

<?php
        $_SESSION['SESS_UserName'] == '';
        $_SESSION['SESS_UserId'] == '';
        header("location: login.php");
        exit();
?>

Function

function doSelectUserDetails($objArray)
{
    $sqlSelect = "SELECT * FROM tbl_userdata WHERE user_name = '".$objArray['frmUserName']."' AND user_password = '".$objArray['frmPassword']."' ";
    $strValues = SelectQry($sqlSelect);
    return $strValues[0];
}

score 1 · Answer 1 · answered Sep 05 '14 at 14:58

1

Note: session_destroy() will reset your session and you will lose all your stored session data.

Use unset() function instead:

if(isset($_SESSION['views'])) {
unset($_SESSION['SESS_UserName']);
unset($_SESSION['SESS_UserId']);
}

Home File:

if((!isset($_SESSION['SESS_UserId'])) || (($_SESSION['SESS_UserId']) == '')) {
    header("location: login.php");
    exit;
} else echo $_SESSION['SESS_UserName'];

answered Sep 05 '14 at 14:58

sfdsfds

41
10

Sorry brother, i didn't get u. where should i need to use this rotine?? if(isset($_SESSION['views'])) { unset($_SESSION['SESS_UserName']); unset($_SESSION['SESS_UserId']); } – Syed Ibrahim Sep 05 '14 at 15:02
that's another way to end A session – sfdsfds Sep 06 '14 at 20:09

score 1 · Accepted Answer · answered Sep 05 '14 at 15:22

Unset your session variable for logout.php file like this

  unset($_SESSION['SESS_UserName']);
  unset($_SESSION['SESS_UserId']);

use unset to destroy one session element from $_SESSION global array.

use session_unset() function if you want to destroy all session variables currently registered.

score 0 · Answer 3 · edited May 23 '17 at 12:23

0

What I would do is check if the user has a session. If they dont redirect to the login page:

if (session_status() == PHP_SESSION_NONE) {
    header("location: login.php");
}

Source: Check if PHP session has already started

edited May 23 '17 at 12:23

Community

1
1

answered Sep 05 '14 at 14:58

Tim

785
1
7
20

people can have a session without being logged in, though. e.g. go to amazon, start shopping, *THEN* log in to purchase. – Marc B Sep 05 '14 at 15:00

Making empty the sesssion value rather than destroy_session()

3 Answers3