0

I'm not understanding why this below code not redirecting, I had destroy the sessions, so the condition should be true, but its not redirecting to this page, 

<?php
    session_start();

    if(!isset($_SESSION['userid'])) {   
        header('Location: Login.html');
        exit;
    }
?>

but in logout php the redirection working well.

<?php
    session_start();
    session_destroy();
    header('Location: Login.html');
    exit;
?>

EDIT

I could see a redirection call in the Chrome developer tool, but its not actually redirecting enter image description here

Please help me to understand my fault in the code.

Able Alias
  • 3,824
  • 11
  • 58
  • 87
  • 1
    Add error reporting to the top of your file(s) right after your opening ` – Funk Forty Niner Oct 02 '14 at 15:41
  • 1
    `isset` doesn't check if the value it true. It checks if the key exists ... so if `$_SESSION['userid']` is there but false, it won't redirect. You should use `empty` instead. – Cfreak Oct 02 '14 at 15:41
  • http://stackoverflow.com/questions/18539403/chrome-cancels-cors-xhr-upon-http-302-redirect, http://code.google.com/p/chromium/issues/detail?id=103458, http://serverfault.com/questions/363275/chrome-caching-302-redirects – Mike B Oct 02 '14 at 15:49
  • @Cfreak, I believe isset is enough. He is trying to remove it altogether. If it gets removed, `isset()` will return false. He doesnt care what the current value is – Oberst Oct 02 '14 at 15:51
  • @MikeB, all of those indicate JS (because of CORS). This is in PHP. Meaning its server side. Browser Independent. The server does its redirect BEFORE anything is sent to the browser – Oberst Oct 02 '14 at 15:52
  • I'm using Jquery AJAX "GET" call to the PHP file. – Able Alias Oct 02 '14 at 15:53
  • Well crap. Haha. Then @MikeB links would be helpful. Have you tried this code with other browsers (without success)? – Oberst Oct 02 '14 at 15:55
  • Is this CORS issue or browser issue? – Able Alias Oct 02 '14 at 16:25

2 Answers2

0

Make sure there is no white space before the <?php, as this would stop you from setting any header attributes.

Craig Mosey
  • 142
  • 7
0

Explicitly doing unset($_SESSION['userid']); should suffice.

The page for session_destroy() states

session_destroy() destroys all of the data associated with the current session. It does not unset any of the global variables associated with the session, or unset the session cookie. To use the session variables again, session_start() has to be called.

In order to kill the session altogether, like to log the user out, the session id must also be unset. If a cookie is used to propagate the session id (default behavior), then the session cookie must be deleted. setcookie() may be used for that.

Community
  • 1
  • 1
Oberst
  • 477
  • 11
  • 19