2

I am trying to create a login page for a website. I have followed other guides/posts to get to this point, but I can't figure out why my logout button is not working.

The login functionality works as intended, but I cannot log out once logged in.

logout.php

<?php   
 //logout.php  
 session_start();  
 session_destroy();  
 header('Location: ' . $_SERVER['HTTP_REFERER']);  
 ?>

index.php

<?php
ini_set("session.save_path", "/home/sessionData");
session_start();
?>
<!DOCTYPE html>
<html lang="en">
<head>
  <meta name="viewport" content="width=device-width, 
  maximum-scale=1.0">        
  <meta charset="UTF-8">
  <title>Index</title>
</head>
<body>
    <?php 
    $form = '
    <div class="form-container">                 
      <form method="post"action="loginProcess.php">  
        <label>Username</label>  
        <input type="text" name="username" class="form-control" />  
        <br />  
        <label>Password</label>  
        <input type="password" name="password" class="form-control" />  
        <br />  
        <input type="submit" name="login" class="btn" value="Login" />  
      </form>  
    </div>
    ';


   if(isset($_SESSION["username"])){

   echo '<h3>Login Success, Welcome - '.$_SESSION["username"].'</h3>';  
  echo '<br /><br /><a href="logout.php">Logout</a>';  
  }

  else{ 
  echo $form;
  }
?>

</div>
</div>
</body>
</html>

There is also a db connection script but I am pretty sure that is not the problem so I have left it out. Thanks for your help people, and let me know if you need me to clarify anything :)

Dharman
  • 30,962
  • 25
  • 85
  • 135
WhynarySearch
  • 207
  • 1
  • 2
  • 9
  • I question why this was edited out earlier. I rolled it back. Please don't do that. You're defacing the question. – Funk Forty Niner Dec 26 '19 at 00:51
  • Please don't make more work for other people by vandalizing your posts. By posting on the Stack Exchange network, you've granted a non-revocable right, under the [CC BY-SA 4.0 license](//creativecommons.org/licenses/by-sa/4.0/), for Stack Exchange to distribute that content (i.e. regardless of your future choices). By Stack Exchange policy, the non-vandalized version of the post is the one which is distributed. Thus, any vandalism will be reverted. If you want to know more about deleting a post please see: [How does deleting work?](//meta.stackexchange.com/q/5221) – Dharman Jan 06 '20 at 22:19

2 Answers2

1

You're missing:

ini_set("session.save_path", "/home/sessionData");

in logout.php. You should set this in php.ini to keep this from happening.

WhynarySearch
  • 207
  • 1
  • 2
  • 9
Anonymous
  • 11,748
  • 6
  • 35
  • 57
0
session_start();
session_destroy();

and you also need 

session_unset();

in order to clear the global variables

Luis Cadena
  • 102
  • 1
  • 2
  • 15