-2

I am using a special wrapper class around session_start() function to add protections on my sessions.

To log the user out, I have a button like this:

 <a href="logout.php">
  <button data-toggle="modal" data-backdrop="false" href="" name="out" class="btn btn-primary navbar-btn" style="margin-right: 3px"><span class="glyphicon glyphicon-user"></span>Log Out</button></a>

Here is the logout.php:

<?php

error_reporting(0);
include('SessionManager.php');
$mySess = new SessionManager();
$session = $mySess -> sessionStart('InstallationName'); // create/start a new session or start the existent session

$mySess -> destroy(); //destroy the session

header('Location: page1bis.php');
exit();
?>

Here is the destroy() function in my SessionManager Class:

<?php
class SessionManager
{
          .
          .
          .
static protected function destroy()
{
    echo $_SESSION['cook'];echo "<br>";
    echo "hello !";
    session_destroy();
    echo $_SESSION['cook'];
}
}
?>

But when one click on the logout button, it goes to the lougout.php page, but no redirection is made, also here is the output of the lougout.php page:

tfe0eccar02k3pgi5b7i8i2ek5
hello !

p.s: The echos in the logout.php are just here to show that the session is effectively destroy (or there should to 2 tokens), also even if I remove them there is still the same problem

aurelSon
  • 79
  • 3
  • 12
  • 1
    You cannot send headers anymore once you've `echo`'ed anything. You should separate control flow from output. In addition to that, you should turn on warnings. – Siguza Mar 31 '17 at 21:56
  • 1
    You can't have a button inside a link. – Quentin Mar 31 '17 at 21:59
  • Make sure the `header()` redirection is at the very top of the page. Before any HTML. If HTML is setting the header first `header` function will fail to generate a header. – Prav Mar 31 '17 at 22:02
  • btw `error_reporting(0);` that didn't help your cause. – Funk Forty Niner Mar 31 '17 at 22:05

2 Answers2

3

You can't output prior to redirection.

Either move the location redirect logic prior to output or you can add ob_start(); as the first line in your script and then that output will get discarded upon redirect.

Matt
  • 5,315
  • 1
  • 30
  • 57
  • Hi and thank you for your answer I just removed all the echos in my **logout.php** file, and I still have the same problem (no redirection). – aurelSon Mar 31 '17 at 22:01
1

Turn on your PHP-errors. You should see something like Warning: Cannot modify header information - headers already sent by... which means that you're not allowed to echo/print anything prior to header-function.

ad_on_is
  • 1,500
  • 15
  • 27
  • Actually I have another error that is displayed => **Fatal error: Call to protected method SessionManager::destroy**, so I removed the **protected** in my function, but now when clicking the Log Out button it redirects correclty but the `session_detroy` did not work (I still have a token) – aurelSon Mar 31 '17 at 22:04
  • how do you know that you still have a token? according to your first post, your echo looks like this `tfe0eccar02k3pgi5b7i8i2ek5 hello !` if you'd still have a token it would look like this: `tfe0eccar02k3pgi5b7i8i2ek5 hello ! tfe0eccar02k3pgi5b7i8i2ek5` – ad_on_is Mar 31 '17 at 22:22