php session and session unset + destroy keeps session intact

Question

I have a small website using a session to check for an user login.

When the user click logout the are being redirected to a page containing only session destroy.

The code is as followed:

<?php
session_start();
if(session_destroy()) {
    $_SESSION = array();
    header("Location: http://domain.com/");
}
exit();
?>

I've tried to remove the if statement to check for any problem when destroying the session.

I have even used unset and setting the array to empty.

Still when redirected to the domain homepage the user is still logged in and the session is still set.

Also i tried to unset the specific session and still nothing happens.

-- Update: The session is not even being return as an empty value. Echoing the session after logout still returns the value of the username.

Why session_destroy twice? session_destroy will return true if it successfully destroys the session. — Tim, Nov 18 '15 at 11:42
Just a mistake after trying out multiple solutions for unsetting / destroying the cookie. — LetMeAnswerThis, Nov 18 '15 at 11:44
And the value is returned true. i'm always receiving the header redirect. — LetMeAnswerThis, Nov 18 '15 at 11:44
the cookie will not be deleted see documentation: http://php.net/manual/function.session-destroy.php — Roland Starke, Nov 18 '15 at 11:45
It was simply a spelling mistake. Not working with cookies on the website at all. I'm simply meaning session — LetMeAnswerThis, Nov 18 '15 at 11:49
session_start(); session_destroy(); then do ur redirect straight — Mark Ng, Nov 18 '15 at 12:28
Also tried that. Also tried without redirect and then echoing the session. The variable is still there. — LetMeAnswerThis, Nov 18 '15 at 12:39
O.o if thats the case, can u put up how u authenticate, and the user page code? and which browser u r using? — Mark Ng, Nov 18 '15 at 14:34

score 0 · Answer 1 · edited May 23 '17 at 12:03

0

This answer should help. As Roland Starke mentioned in a comment, session_destroy will not remove a cookie.

edited May 23 '17 at 12:03

Community

answered Nov 18 '15 at 11:47

Tim

It was simply a spelling mistake. Not working with cookies on the website at all. I'm simply meaning session. Also using the code provided in the forum or the from the original post on .php i simply receive a 500 internal error. i believe this is because i have no access for the .ini file. – LetMeAnswerThis Nov 18 '15 at 11:50

Mark Ng · Answer 2 · 2015-11-18T15:30:46.747

0

try this.

<?php
session_start();
if(session_destroy()) {
echo '<meta http-equiv="refresh" content="0;URL=http://domain.com">';
}
exit();
?>

I think the header is throwing an error in this particular case of yours. hmmmm.....(Header already sent)...

edited Nov 18 '15 at 15:30

answered Nov 18 '15 at 15:23

Mark Ng

2 Answers2