1

I start the session by following command:

session_start();

when the user logs in I save information of that user in the $_SESSION with following code:

$_SESSION["logged_in_user"]=$username;  
$_SESSION["logged_in_status"]="logged in";
$_SESSION["logged_in_business_id"]=$business_id;
$_SESSION["logged_in_business"]=$business_name;

and when the user logs out I do the following commands to clear the $_SESSION :

setcookie("PHPSESSID", "", time()-3600, "/" );
$_SESSION=array();
session_destroy();
session_write_close();

Now when I check the $_SESSION after logout and before login, the result is an empty array(), which is exactly what it should be. But as soon as I log in $_SESSION not only shows the information I saved in it, but also empty values with filled keys, like for example:

Array(
[logged_in_user] => aristocraticmasterminder
[logged_in_status] => logged in
[logged_in_business_id] => us-000000001
[logged_in_business] => Microsoft PLC Limited
[RoleID] => 
[RoleName] => 
[RoleDuty1] => 
);

These keys do not have any value saved in $_SESSION corresponding to them. I session_start(); on the top of each page, and consequently also on the log out page before session_destroy(); I think this has something to do with the PHPSESSID cookie which is saved on my browser. How can I clear these empty keys and just save the data saved after the session_start();?

Rabia Rana Khan
  • 202
  • 1
  • 11
  • Did you `session_start();` before `$_SESSION=array(); session_destroy();` when they logout? – AbraCadaver Feb 16 '17 at 19:39
  • yes I session_start(); before log-in and session_destroy(); during logout – Rabia Rana Khan Feb 16 '17 at 19:40
  • Can you show minimal working example code? – Hagen von Eitzen Feb 16 '17 at 19:40
  • No, you must call `session_start()` when they logout, before `$_SESSION=array(); session_destroy();` or there is no `$_SESSION` array and no session to destroy. – AbraCadaver Feb 16 '17 at 19:41
  • I do that aswell, I session_start(); on the top of each page, and consequently also on the log out page before session_destroy(); – Rabia Rana Khan Feb 16 '17 at 19:42
  • can we please see some sample code? – Mohammad Ali Feb 16 '17 at 19:44
  • I have edited and updated the code which saves the user details into $_SESSION – Rabia Rana Khan Feb 16 '17 at 19:47
  • In what part of your code are you setting those session keys that now turn up empty? Try and put a debug output statement there (resp. a break point, if you have an IDE with the ability to debug), and see if not maybe that code gets run through during/after login as well. – CBroe Feb 16 '17 at 20:27
  • I am not setting those keys, they were set a few days ago, when those pages were under construction. But after new login or even after new server restart, i didn't touch them. That is why they are empty. – Rabia Rana Khan Feb 16 '17 at 20:29
  • _"That is why they are empty"_ - so they _were_ the empty the last time they were used? // You are just using the default PHP session mechanism here, no frameworks with their oven session handler or something like this? – CBroe Feb 16 '17 at 20:34
  • @CBroe No when empty keys are used by the system in $_SESSION they have value corresponding to them, and that is done by a totally different page, which has not been touched as soon as I log-in. – Rabia Rana Khan Feb 16 '17 at 20:43
  • Did you or did you not _verify_ that in the way I suggested? – CBroe Feb 16 '17 at 20:45
  • Let us [continue this discussion in chat](http://chat.stackoverflow.com/rooms/135893/discussion-between-rabia-rana-khan-and-cbroe). – Rabia Rana Khan Feb 16 '17 at 20:47

2 Answers2

0

try this 

    unset($_SESSION['name']);

How to remove a variable from a PHP session array

Community
  • 1
  • 1
  • does this mean that I have to clear all the variables from $_SESSION array like this. There are a lot of variables I stored in $_SESSION and if so, then what is the need for session_destroy(); – Rabia Rana Khan Feb 16 '17 at 19:51
0

Reverse your session destruction sequence.

Change:

$_SESSION=array();
session_destroy();

To:

session_destroy();
$_SESSION=array();
raidenace
  • 12,789
  • 1
  • 32
  • 35
  • nope it didn't work aswell. I think it has something to do with PHPSESSID cookie, Do you know how can I make that cookie to expire? – Rabia Rana Khan Feb 16 '17 at 20:23
  • Thats bugging me.. if you set $_SESSION to an empty array, everything should be gone! what happens if you unset($_SESSION)? – raidenace Feb 16 '17 at 20:25
  • I researched it, it has something to do with the PHPSESSID cookie. Can you tell me how to make it expire. Example is here: http://7php.com/php-5-3-how-to-completely-destroy-session-variables-in-php – Rabia Rana Khan Feb 16 '17 at 20:27
  • @RabiaRanaKhan check the manual for session_destroy, it's explained there how to delete the session cookie. – CBroe Feb 16 '17 at 20:28
  • Although I doubt that's really it. PHP should only be able to pick up the now empty session with the same id, _because_ of the call to session_destroy. – CBroe Feb 16 '17 at 20:33
  • @CBroe then why are those empty keys appearing. and how do I clear them? – Rabia Rana Khan Feb 16 '17 at 20:37
  • Your problem is not reproducible with the code shown so far. Check what happens when you clear the session cookie (or all cookies for the site, to be sure), and then go through the steps again. If those keys are appearing in a "fresh" session with a new id ... then something in your code must be setting them. – CBroe Feb 16 '17 at 20:41
  • @CBroe I deleted all the cookies from the browser, but still the empty keys are appearing. I don't know why? – Rabia Rana Khan Feb 16 '17 at 20:52
  • That is all the more reason to believe that they get set somewhere in your code ... they can not magically appear out of thin air in a fresh session. – CBroe Feb 16 '17 at 21:01