Warning: session_destroy(): Trying to destroy uninitialized session[session_start() used]

Question

i know my code is very beginner because i am just started php. so sorry at beginning

I already read stack other questions and answers about

Warning: session_destroy(): Trying to destroy uninitialized session

all answers just mentioned that i need to use session_start() before using

session_destroy();

but they are not explaining why this warning occurs even i already used session_start() i am just trying to login then dashboard page appears where user can click on logout button to logout

whole application is working fine only problem is when i click on logout button in dashboard.php it go to logout page and show warning which above mentioned

login.php

<?php
session_start();
}
?>
<!DOCTYPE html>
<html>
<head>
  <title>Login Page</title>
  <link rel="stylesheet" type="text/css" href="style.css">
</head>

<body>
<div class="header">
  <h1 align="center">Login</h1>
</div>
  orm action="" method="post">
  <table align="center">
    <tr>
<td align="right"><input type="email" name="email" placeholder="Email" required></td>
<td class="s1">*</td>
    </tr>
    <tr>
<td align="right"><input  type="password" name="pass" placeholder="Password" pattern="(?=.*\d)(?=.*[a-z])(?=.*[A-Z]).{8,12}" title="Must contain at least one number and one uppercase and lowercase letter, and at least 8 or more characters" required></td>
<td class="s1">*</td>
    </tr>
    <tr>
<td align="right"><input type="submit" value="Login"><td>
    </tr>
  </table>
  <p align="center"><strong>Or</strong></p>
  <p align="center">Create New acount <strong><input type="button" value="Sign Up" onclick="location.href='sign_up.php'"></strong></p>
  <br>
  <br>
  <br>
  <br>
  <br>
<div class="footer">
  <p><span class="s1">*</span> indicates mandatory feild<p>
</div>
</body>
</html>

<?php
require 'connection.php'; // connection

if($_SERVER['REQUEST_METHOD'] === 'POST')
{
$email = $_POST['email'];
$pass = $_POST['pass'];
// getting username from database and storing into session variable
///  $sql =mysqli_query($conn,"SELECT name FROM users WHERE email='$email'");
  $sql1 = mysqli_fetch_assoc($sql);
  $user_name = $sql1['name'];
//  setting session variables
  $_SESSION['user_name']= $cookie_name;
  $_SESSION['timeout']=time();

// check email exists or not
$query=mysqli_query($conn,"SELECT email FROM users WHERE email='$email'");
if(mysqli_num_rows($query) > 0)
{
  //check email and password correct or not
  $query1=mysqli_query($conn,"SELECT email, password FROM users WHERE email='$email' AND password='$pass'");
  if(mysqli_num_rows($query1) > 0)
  {
    // login success
    header("location:dashboard.php");
    // ---->  alternative way to redirect to dashboard.php
  /*echo  "<script type='text/javascript'>
window.location.href = 'dashboard.php'
</script>";*/
  }
  else
  {
    // incorrect password
    echo "<p align='center' style='color:#ff6262'>your password is incorrect!<br>Please try again</p>";
  }
}
else
{
  // email not exist
    echo "<p align='center' style='color:#ff6262'><b>Email you are entering does not exist in our database<br></b></p>";
}
 }
 ?>

dashboard.php

<?php
session_start();
?>

<!DOCTYPE html>
<html>
<head>
  <title>
    <?php
require 'connection.php';
echo $_SESSION['user_name'];
    ?>
  </title>
  <link rel="stylesheet" type="text/css" href="style.css">
</head>

<body>
<div class="header">  <h1 align="center"><?php echo "Welcome:  ".ucfirst($_SESSION['user_name']); ?></h1>
</div>
<table>
  <tr>
<td align="right">Change User Name:</td><td><input type="button" onclick="location.href='user.php'" value="click here"></td>
</tr>
<tr></tr>
<tr>
<td align="right">Change Password:</td><td><input type="button" onclick="location.href='pass.php'" value="click here"></td>
</tr colspan="2">
<tr><td align="right"><input type="button" value="Logout" onclick="location.href='logout.php'"></td></tr>
</table>

</body>
</html>
<?php
if (isset($_SESSION['timeout']) && (time() - $_SESSION['timeout'] > 60)) {

    session_unset();     // unset $_SESSION variable for the run-time
    session_destroy();   // destroy session data in storage
    header("location:logout.php");
}
$_SESSION['timeout'] = time();

 ?>

logout.php

<?php
session_start();
?>
<?php
session_unset();
if(!session_unset())
{
  echo "session not unset";
}
else {
  echo "session unset";
}

session_destroy();
if(!session_destroy())
{
  echo "session not destroyed";
}
else {
  echo "session destroyed";
}
//header(location:login.php);
 ?>

some other suggest me to use cookies but i don't know how to relate cookies with session anyone who can help.

Answer 1

You're running session_destroy() twice! This results in your error. The code in the if statement runs after the initial session_destroy().

You're also doing it for session_unset(), same fix.

This is the code that's causing the issue (the second session_destroy() returns false):

session_destroy(); // returns true
if(!session_destroy()) // returns false, because the session is already destroyed.
{
  echo "session not destroyed"; // this gets ran
}
else {
  echo "session destroyed";
}

---

You can change to this, to resolve your error.

if(!session_destroy())
{
  echo "session not destroyed";
}
else {
  echo "session destroyed";
}