Not being redirected to a page after destroying session in php

Question

I am having an issue when it comes to redirection.

What I have done is a var dump to see the values for $_SESSION[reset-password-page]. I can see when I am on a previous page and submit a form, the $_SESSION[reset-password-page] is set to reset-password, which is great it's what I want.

Now I what I try to do is destroy the session at the end of the page. The purpose of this is that if the user refreshes the page, the session has already been destroyed and so they sohuld be redirected back to the login page.

I can see the value for $_SESSION[reset-password-page] in my var dump is set to NULL, but it doesn't redirect me, i stay on the same page.

Can I ask how to solve this so I can be redirected?

<?php
session_start();

echo var_dump($_SESSION['reset-password-page']);

if(isset($_SESSION['reset-password-page']))
  if ($_SESSION['reset-password-page'] != "reset-password") {
  
   header("location: login");
  
   }
?>

        <html>
        <head></head>
        <body>
            
        <div style="text-align: center; margin-top: 2em;">

        <img src="static/images/logo.png">
            
        <h2>TITLE</h2>
        
        <p class='success-msg'><i class='fa fa-check'></i> View your email to retrieve your new access code</p>
        
        <p><a href="login" class="linkcss" style="width:auto;"><b>Back To Online Course</b></a></p>

        </div>
        
        </body>
        </html>
        

<?php

   session_destroy();
 
?>

Does this answer your question? [How to fix "Headers already sent" error in PHP](https://stackoverflow.com/questions/8028957/how-to-fix-headers-already-sent-error-in-php) — Jonnix, Oct 16 '20 at 14:51
I think it's my lack of php knowledge to find out how to get around it. Are you ok provided a code example so.I can see? I am assuming I need to include session destroy after if condition — BruceyBandit, Oct 16 '20 at 14:57
Delete `echo var_dump($_SESSION['reset-password-page']);` and see if it works. — Jonnix, Oct 16 '20 at 14:59
I removed it, it still keeps me on the same page and not redirect. I have laso removed the whitespace around session_destroy — BruceyBandit, Oct 16 '20 at 15:00
You don't actually redirect when the session is empty. If there is no session, `if(isset($_SESSION['reset-password-page']))` will be false and so won't run the block. You probably want an `else` that also redirects. — Jonnix, Oct 16 '20 at 15:03
Oh, I thought if if ($_SESSION['reset-password-page'] != "reset-password") {.. then it will redirect as I am saying anything but reset-password, rediect — BruceyBandit, Oct 16 '20 at 15:05
It won't reach that second if because it's nested in the first one and the first one is false. — Jonnix, Oct 16 '20 at 15:06
You could try something like `if (!isset($_SESSION['reset-password-page']) || $_SESSION['reset-password-page'] != 'reset-password')` instead of both those ifs — Jonnix, Oct 16 '20 at 15:08
`header` location redirects should alwauys be followed by `exit`. — Martin, Oct 16 '20 at 15:13

score 2 · Accepted Answer · answered Oct 16 '20 at 15:18

To start with, delete echo var_dump($_SESSION['reset-password-page']);. This is output and will stop headers from working properly (see here for why).

Also you don't actually redirect when the session is empty. If there is no session, if(isset($_SESSION['reset-password-page'])) will be false and so won't run the block which includes your header redirect code. You probably want an else that also redirects.

Alternatively, you could try something like if (!isset($_SESSION['reset-password-page']) || $_SESSION['reset-password-page'] != 'reset-password') instead of both those if statements which will redirect if the session key's value is null or it's not null but also not reset-password.

score -1 · Answer 2 · edited Oct 16 '20 at 15:16

I use !empty (not empty) as we are destroying the session so when we refresh again code will goes to the else part. Can you please try again. You are comparing if ($_SESSION['reset-password-page'] != "reset-password") { } this as we destroy session this does not contain 'reset-password-page' value that's the main reason why your code is not working.

<?php
    session_start();
    
    echo var_dump($_SESSION['reset-password-page']);
    
    if(!empty($_SESSION['reset-password-page'])) {
      
    ?>
    
            <html>
            <head></head>
            <body>
                
            <div style="text-align: center; margin-top: 2em;">
    
            <img src="static/images/logo.png">
                
            <h2>TITLE</h2>
            
            <p class='success-msg'><i class='fa fa-check'></i> View your email to retrieve your new access code</p>
            
            <p><a href="login" class="linkcss" style="width:auto;"><b>Back To Online Course</b></a></p>
    
            </div>
            
            </body>
            </html>
            
    
    <?php
    } else {
        
          
           header("location: login");
          
          
    }
    session_destroy();
     
     ?>

John Michael Manlupig · Answer 3 · 2020-10-16T15:13:59.607

-1

Using isset() on a NULLvalue will return false in PHP.

Try:

<?php
session_start();

echo var_dump($_SESSION['reset-password-page']);

if(array_key_exists('reset-password-page', $_SESSION))
  if ($_SESSION['reset-password-page'] != "reset-password") {
  
   header("location: login");
  
   }
?>

edited Oct 16 '20 at 15:13

answered Oct 16 '20 at 15:05

John Michael Manlupig

139
1
8

Not being redirected to a page after destroying session in php

3 Answers3