
I'm getting frustrated. I've tried everything to log users out of my PHP page, but it does not work: the shopping cart is still full and the user name is still there. My webpage is about online shopping. The login works fine, and I created a logout file with the following code:

session_start();
session_destroy();
header('Location: login.php');
exit;

My login code is:

// get Members table
require './Model/Members.php';
$memberTable = new Members();

if (isset($_POST['data'])) {
    // take security precautions: filter all incoming data!
    $email    = (isset($_POST['data']['email']))    ? strip_tags($_POST['data']['email'])    : '';
    $password = (isset($_POST['data']['password'])) ? strip_tags($_POST['data']['password']) : '';
    if ($email && $password) {
        $result = $memberTable->loginByName($email, $password);
        if ($result) {
            // store user info in session
            $_SESSION['membro'] = $result;
            $_SESSION['login'] = TRUE;
        } else {
            $_SESSION['login'] = FALSE;
        }
        // redirect back home
        header('Location: ?page=paginaprincipal');
        exit;
    }
}

My HTML from the login page is:

<div class="content">
    <br/>
    <div class="product-list">

        <h2>Login</h2>
        <br/>

        <b>Por favor, entre a sua informacao.</b><br/><br/>
        <form action="?page=login" method="POST">
            <p>
                <label>Email: </label>
                <input type="text" name="data[email]" />
            </p>
            <p>
                <label>Password: </label>
                <input type="password" name="data[password]" />
            </p>
            <p>
                <input type="reset" name="data[clear]" value="Clear" class="button"/>
                <input type="submit" name="data[submit]" value="Submit" class="button marL10"/>
            </p>
        </form>
    </div><!-- product-list -->
</div>

Please help me to identify what I am doing wrong. I've tried a lot of different things from here but none of them works, and I need this work to be done as soon as possible, hence my frustration :-(

aynber

2 Answers


For the logout page this ought to do it.

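session_start();

unset( $_SESSION['membro'] );
unset( $_SESSION['login'] );

/* cookies should be deleted when the session is destroyed anyway */
/* the session cookie is named by session_name() (PHPSESSID by default), not by the session id; */
/* "/" is the default session.cookie_path, and the path must match for the browser to drop the cookie */
setcookie( session_name(), "", time() - 3600, "/" );
session_unset();
session_destroy();

session_write_close();

/* start a fresh, empty session under a new id */
session_start();
session_regenerate_id( true );
header('Location: login.php');
exit;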

In response to your comments that it is still not working, I rewrote some of your code as follows and tested it using the code above (though I emulated the $memberTable->loginByName with some static values), and it worked. The session was completely destroyed each time and a new one regenerated, so I'm not sure the problem lies in the logout script. If this continues to fail, it might be worth looking into what cache-control headers are being set.

<?php

    require './Model/Members.php';
    $memberTable = new Members();


    if( isset( $_POST['data'] ) ) {

        $data=$_POST['data'];

        /* note: FILTER_SANITIZE_STRING is deprecated as of PHP 8.1 */
        $email=isset( $data['email'] ) && !empty( $data['email'] ) ? trim( strip_tags( filter_var( $data['email'], FILTER_SANITIZE_EMAIL ) ) ) : false;
        $password=isset( $data['password'] ) && !empty( $data['password'] ) ? trim( strip_tags( filter_var( $data['password'], FILTER_SANITIZE_STRING ) ) ) : false;

        if ( $email && $password ) {
            $result = $memberTable->loginByName( $email, $password );

            if ( $result ) {
                /* store user info in session */
                $_SESSION['membro'] = $result;
                $_SESSION['login'] = TRUE;
            }  else {
                $_SESSION['login'] = FALSE;
            }
            /* header() returns nothing, so send it first and then stop the script */
            header('location: ?page=paginaprincipal');
            exit;
        }
    }
?>
Professor Abronsius
  • I've placed the code, as it looks like it would work, but nothing happened. I then tried to unset the cookies and nothing happened... It might be something else that I'm doing wrong, please help. – Irene Jovem Dec 02 '15 at 14:44
  • I copied your code and pasted it exactly as it is but still could not log out. Looks like I have to review my headers :-(. – Irene Jovem Dec 02 '15 at 19:42
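A complete session teardown for the logout page discussed above, as an added example that is not code from the question or either answer. It follows the pattern documented for `session_destroy()` in the PHP manual; the function name `end_session` is hypothetical, the `login.php` target is taken from the question, and the array form of `setcookie()` assumes PHP 7.3 or later.

```php
<?php
declare(strict_types=1);

/**
 * Added example: end the current session on both the server and the browser.
 * Returns the cookie parameters that were used, so they can be logged or inspected.
 */
function end_session(): array
{
    // session_destroy() only works on an active session, so resume it first.
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }

    // Empty the data for this request (membro, login, cart contents, ...).
    $_SESSION = [];

    $params = session_get_cookie_params();
    if (ini_get('session.use_cookies')) {
        // The cookie is named session_name() (PHPSESSID by default), not session_id().
        // Path and domain must equal those of the original cookie, otherwise the
        // browser treats this as a different cookie and keeps the old one.
        setcookie(session_name(), '', [
            'expires'  => time() - 42000,
            'path'     => $params['path'],
            'domain'   => $params['domain'],
            'secure'   => $params['secure'],
            'httponly' => $params['httponly'],
        ]);
    }

    // Remove the server-side session record.
    session_destroy();

    return $params;
}

end_session();

// Stop the browser from replaying a cached copy of a logged-in page.
header('Cache-Control: no-store');
header('Location: login.php');
exit;
```

After the redirect, the response headers in the browser's dev tools should show a `Set-Cookie` line for `PHPSESSID` with an expiry in the past.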

Is there any chance that something has been stored in cookies? If so, try to clear them up as well.

How to clear them all: how to delete all cookies of my website in php

A small guide: http://www.pontikis.net/blog/create-cookies-php-javascript

Kirill Rogovoy
  • I was wondering about the same thing. Tried the code from the first link you gave but it did not work either. I placed the code after the unset, is that good? Reading the second link now: `// unset cookies if (isset($_SERVER['HTTP_COOKIE'])) { $cookies = explode(';', $_SERVER['HTTP_COOKIE']); foreach($cookies as $cookie) { $parts = explode('=', $cookie); $name = trim($parts[0]); setcookie($name, '', time()-1000); setcookie($name, '', time()-1000, '/'); } }` – Irene Jovem Dec 02 '15 at 14:52
  • If it's not a session or cookies, it might be js [localStorage](https://developer.mozilla.org/en/docs/Web/API/Window/localStorage). Ensure all cookies are properly removed (e.g., using the browser's dev tools) and check the localStorage. Also, since you know the name of the particular shopping cart library you use, try to search its docs or, even better, look at the source code. At least, give us a link to this tool's repository so we can do that. – Kirill Rogovoy Dec 02 '15 at 16:45
  • Checked the local storage in dev tools but localStorage is empty; only in cookies I found an open session PHPSESSID. – Irene Jovem Dec 02 '15 at 20:09
  • I've got to be missing something. Cookies and localStorage are the most frequent local permanent (semi-permanent, actually) storages. Try to check again using the old browser. It could be WebWorker or some other new stuff. – Kirill Rogovoy Dec 03 '15 at 08:01