3

I have a logout file for my web application. I would like to create a session after the logout so that I can echo a logout success message. My logout code works but I am unable to create a new session after destroying the previous one.

What is the best way to do this, see code:

//LOGOUT.PHP
session_start(); 

//// unset all $_SESSION variables
session_regenerate_id();
session_unset();
session_destroy();

$_SESSION['logoutsuccess'] = 'You have successfully logged out.';
header("Location: /login/");
exit;


//LOGIN.PHP (ECHO SUCCESS MESSAGE)

if(isset($_SESSION['logoutsuccess']))
{
echo '<div class="success">'.$_SESSION['logoutsuccess'].'</div>'; 
unset($_SESSION['logoutsuccess']);
}

I would like to avoid passing variables in the url if possible.

hairynuggets
  • 3,191
  • 22
  • 55
  • 90

4 Answers4

12

Call session_start() again after session_destroy()?

Ry-
  • 218,210
  • 55
  • 464
  • 476
  • 1
    This is the best approach for your specific question, but I still don't see why you don't just show the message on the LOGOUT.PHP page. – Watermark Studios Oct 20 '11 at 22:58
  • @WatermarkStudios I'm doing the same thing.. he's possibly doing the redirect to avoid form resubmission on refresh... http://stackoverflow.com/questions/6320113/how-to-prevent-form-resubmission-when-page-is-refreshed-via-php – Sarah Mar 18 '16 at 15:12
6

Just start a new session:

session_start();
session_destroy();
session_start();
$_SESSION['food'] = 'pizza';
antriver
  • 848
  • 1
  • 10
  • 21
3

Instead of trying to store it as a session variable, you could check the referer and check for /logout/

if(strpos($_SERVER['HTTP_REFERER'], 'logout')  !== false) {
  echo 'You have successfully logged out.';
}
Ben Rowe
  • 28,406
  • 6
  • 55
  • 75
-1
session_id($session_id_to_destroy);
session_start();
session_destroy();
session_commit();
Pang
  • 9,564
  • 146
  • 81
  • 122
Monogarm
  • 11
  • 2
  • 8
    Please explain your answer, what it does, why, how... something, also note that OP is from 2011 – gmo Jul 30 '14 at 21:31