2

My problem is when i unset a session variable then reload login.php, the session variable is still set.

Here is what i'm trying to do:

I'm trying to send an error message through a session variable that is set in reset.php

<?php
session_start();
$_SESSION['reset-msg'] = "This link has already been used";
header("Location: {$url}login.php");
exit();
?>

Login.php should check if this session is set then displays the error message and unset the session variable.

<?php
session_start();

if(isset($_SESSION['reset-msg']) && !empty($_SESSION['reset-msg'])){

   print_r($_SESSION);//prints "Array ( [reset-msg] => This link has already been used )"
   $warn_msg = $_SESSION['reset-msg'];
   $_SESSION['reset-msg'] = "";
   unset($_SESSION['reset-msg']);

}else{
   $warn_msg = "";
}
print_r($_SESSION);//prints "Array ( )"
exit;
?>

However, i still get the same message every time i reload login.php.

The only error showing in the log file

PHP Warning: session_start(): Cannot send session cache limiter - headers already sent (output started at /login.php:1) in /login.php on line 2

Mohammad Aldajani
  • 21
  • 4
  • avoid calling session_start() in the second page – Sree KS Mar 13 '19 at 05:55
  • I just did. Now the session will never be set and message won't show. – Mohammad Aldajani Mar 13 '19 at 05:59
  • 1
    The error message indicates that you have some output before calling `session_start()`. Move `session_start()` first, before _any_ output at all (including line breaks/white space etc). – M. Eriksson Mar 13 '19 at 06:16
  • 1
    _Side note:_ You don't need both `isset()` and `!empty()` in the same if-condition. Just having `!empty()` is enough since it checks the same thing as `isset()` plus some more. – M. Eriksson Mar 13 '19 at 06:19
  • So you're reloading the `login.php` page? Have you made sure the response isn't cached? – Phil Mar 13 '19 at 06:32
  • not really clear the page you are loading/reloading. Is it reset.php or login.php? –  Mar 13 '19 at 06:32
  • @MagnusEriksson you can see my edited question i hardcoded session_start() in each page to avoid possible outputs before session start. I made sure that there is no space after – Mohammad Aldajani Mar 13 '19 at 06:33
  • 1
    The error message suggests `session_start()` is failing which would certainly cause you problems trying to set session variables. Output started at line #1 indicates you have something **before** ` – Phil Mar 13 '19 at 06:33
  • @GiacomoPittalis i'm trying to reload login.php – Mohammad Aldajani Mar 13 '19 at 06:34
  • 1
    See [this answer](https://stackoverflow.com/a/8028987/283366) for hints on removing output before `session_start()` – Phil Mar 13 '19 at 06:36
  • @GiacomoPittalis I don't think that's right. `reset.php` redirects to `login.php`. Nothing in `login.php` is setting that session variable to a non-empty value – Phil Mar 13 '19 at 06:38
  • 1
    If you still get the same error, then you might have a space or line break before your ` – M. Eriksson Mar 13 '19 at 06:45
  • Thanks @Phil for the link it really helped. – Mohammad Aldajani Mar 13 '19 at 19:24
  • @MagnusEriksson the file was saved as utf-8 with BOM in VScode. I changed it to utf-8 and it worked. You can write your comment as answer to accept it. – Mohammad Aldajani Mar 13 '19 at 19:27

2 Answers2

-2

use session_destroy or define session index blank

Subrata RoyChowdhury
  • 1
  • I tried session_destroy instead of unset, still doesn't destroy the session. However i get this error in the log "session_destroy(): Trying to destroy uninitialized session" – Mohammad Aldajani Mar 13 '19 at 06:10
-2

Use the following. It will destroy the session

session_start();
session_unset();
session_destroy();
header('location:your-desired-location.php');
harjot singh chana
  • 60
  • 9