0

I have created 3 files.

The first one is my index.php file where all of my HTML is stored

// index.php file
<?php 
session_start();
?>

<?php
if (!isset($_SESSION['u_id'])) {
    header("Location: login.php");
    exit();
}
?>

The second one is my login file (part of this) where i create sessions

//login.php
$_SESSION['u_id'] = $row['user_id'];
$_SESSION['u_first'] = $row['user_first'];
$_SESSION['u_last'] = $row['user_last'];
$_SESSION['u_email'] = $row['user_email'];
$_SESSION['u_log'] = $row['user_login'];
header("Location: ../index.php?login=success");
exit();

And the last one is for logout where i try to destroy my sessions

//logout.php
<?php 

if (isset($_POST['submit'])) {
    session_start();
    session_unset();
    session_destroy();
    header("Location: ../login.php?logout");
    exit();
}

So the problem is next... as you can see from the code, i check in my index.php file, if section is not set, to redirect users to login.php. After successfully login and logout, i try to visit the home page 'index.php' i expected browser to redirect me to login.php but it didn't happen, i see just white screen without html code when i inspect, there are also none errors in console.

rpm192
  • 2,630
  • 3
  • 20
  • 38
Martin M
  • 111
  • 1
  • 12
  • Possible duplicate of https://stackoverflow.com/questions/1475297/phps-white-screen-of-death – 04FS Feb 12 '19 at 15:12
  • 6
    You are probably just violating the “no output before sending headers” rule … by introducing unnecessary extra white space between `?>` and ` – 04FS Feb 12 '19 at 15:14
  • http://php.net/manual/en/function.session-destroy.php – RiggsFolly Feb 12 '19 at 15:14
  • you say you have no error logs at all? Assuming you've started the session correctly, all you need to do really is to simply clear the session data with `$_SESSION = [];` and [ensure the browser does not cache the page](https://stackoverflow.com/questions/13640109/how-to-prevent-browser-cache-for-php-site). – Martin Feb 12 '19 at 15:14
  • 2
    *"there are also none errors in console"* ... well, no - PHP runs on the server, your JavaScript console knows nothing about it. – CD001 Feb 12 '19 at 15:15
  • Are you start session on logout.php? – Hackrrr Feb 12 '19 at 15:15
  • 2
    Possible duplicate of [PHP's white screen of death](https://stackoverflow.com/questions/1475297/phps-white-screen-of-death) – But those new buttons though.. Feb 12 '19 at 15:15
  • i should have one page that include the 3 files, and then put `session_start()` function in it. The Session ID is not the same because `logout.php`, `login.php` don't have `session_start()` – Pascal Tovohery Feb 12 '19 at 15:15
  • @MartinM "This one that to copy is totally different, not connected with the set or unset of session" It may well be related. You should share the error you're getting. – ceejayoz Feb 12 '19 at 15:15
  • 1
    http://php.net/manual/en/function.session-unset.php says "Only use session_unset() for older deprecated code that does not use $_SESSION.". I don't think you should be using this function. You can use `$_SESSION = array();` to explictly reset the session array. session_destroy() doesn't delete them either. – ADyson Feb 12 '19 at 15:24

1 Answers1

4

This is because you are displaying some content before changing the header. Then, the header was already sent. and header(something) won't work.

// index.php file
<?php 
session_start();
?>
<!-- there is a space below. -->

<?php
if (!isset($_SESSION['u_id'])) {
    header("Location: login.php");
    exit();
}
?>

Change your code to

// index.php file
<?php 
session_start(); // not closing php tag just below

if (!isset($_SESSION['u_id'])) {
    header("Location: login.php");
    exit();
}
?>

When you are rendering a page, the server send to the browser a HTTP Message.

(from Wikipedia)

The request/response message consists of the following:

  • Request line, such as GET /logo.gif HTTP/1.1 or Status line, such as HTTP/1.1 200 OK,
  • Headers
  • An empty line
  • Optional HTTP message body data

If you send some message body data (even a space) before using header();, a header will already be send. Doing header() after will have no effects, since the HTTP Message is already defined

Community
  • 1
  • 1
Cid
  • 14,968
  • 4
  • 30
  • 45