Managing Users With PHP Sessions & MYSQL

**bazgow** · Oct 15, 2003 04:53

Hi

I have followed your tutorial explaining 'Managing Users With PHP Sessions & MYSQL'. It is an excellent tutorial and I have edited it to fit in with my requirements, it works fine except for one problem. I have tried to include a logout button on my pages and this button links to a page called logout.php.

Logout.php contains the following code:

<?
$_SESSION = array();
session_destroy();
?>

When i click the button i get the following error:

Warning: Trying to destroy uninitialized session

i cant figure out how the session is uninitialized when i have logged in and it wont let me login unless i enter the user details into the sessions.

hope you can help

maybe i need to set a session name or something? to open the session i am using session_start();
where would i set the session name in this statement?

Thanking you in advance
any suggestions will be greatfully received

**marylin77** · Oct 15, 2003 05:34

Where is this tutorial?
I am interested in it, too :]

**AWilliams** · Oct 15, 2003 05:36

I think, by doing $_SESSION = array(); you're destroying the session data. Therefore when you come to running session_destroy(), PHP see's no session.

Try swapping the order of these two lines and see what happens.

Edit:

The article is at http://www.sitepoint.com/article/319

Edit:

Another edit: Just taken a look at the code - I'm probably wrong

**Toly** · Oct 15, 2003 05:38

You didn't include the session_start();

PHP Code:


<?php
session_start();
$_SESSION = array();
session_destroy();
?>

**Toly** · Oct 15, 2003 05:43

Originally Posted by marylin77

Where is this tutorial?

http://www.sitepoint.com/article/319

**bazgow** · Oct 15, 2003 05:54

Thanks for th assisstance people
(Toly) I have included session_start, just not in the logout file?
it is included on the login type pages so the session has been created. all i want to do is destroy it now.

**Toly** · Oct 15, 2003 06:00

You need to include the session_start(); in the logout.php file too. Just like I have it in the post above. If you don't include it in the logout.php file, php won't be able to destroy anything since it won't recognize any session.

session_start(); not only starts a session, it also continues a session that has been already started.

**bazgow** · Oct 15, 2003 06:11

Thanks very much for explaining that
Im sooo stupid
Sorry i read that in the tutorial but didn't take it in!

thanks again

**bazgow** · Oct 15, 2003 06:15

It does log me out BUT i get this error also
Any ideas?

Warning: Cannot send session cache limiter - headers already sent (output started at logout.php:12)

**Toly** · Oct 15, 2003 06:26

Hmmm... Are you using any headers in the logout.php file to redict to somewhere else perhaps?

This is what I've always used on my logout.php file:

PHP Code:


<?php
session_start();
$_SESSION = array();
session_destroy();
header("Location: url to redirect here" ); // redirects to my login page 
exit;
?>

**bazgow** · Oct 15, 2003 06:47

hmmm

i just tried that and got this error

Warning: Cannot send session cache limiter - headers already sent (output started at /usr/local/home/httpd/vhtdocs/hfta/hqn/admin/logout.php:11) in /usr/local/home/httpd/vhtdocs/hfta/hqn/admin/logout.php on line 13

Warning: Cannot add header information - headers already sent by (output started at logout.php:11) in logout.php on line 16

if i then visit the protected pages i need to login so the logout works...just these annoying errors that seem to get in the way. it doesnt redirect to the given page i guess cos it cant add the header.

and i have no idea what a session cache limiter is!

the code on my logout page is:

<html>
<head>
<title></title>
</head>
<body bgcolor="#ffffff">
<?
session_start();
$_SESSION = array();
session_destroy();
header("Location: http://www......myloggedoutpage.php" );
exit;
?>
You are now logged out


<a href="protectedpage.php">pro1</a>
<a href="protectedpage2.php">pro2</a>
</body>
</html>

**Toly** · Oct 15, 2003 07:01

session_start(); must be at the beginning of the page before anything else and that goes the same for header, it needs to go before any html is output.

Try this:

PHP Code:


<?php
session_start();
$_SESSION = array();
session_destroy();
?>
<html>
<head>
<title></title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<meta Http-Equiv="Refresh" content="2;url=your url here">
</head>
<body>
You are now logged out... You will be Redirected to the login page.
</body>
</html>

**bazgow** · Oct 15, 2003 07:09

sorry if this is getting boring for you
i really appreciate your assistance

i pasted the code you just gave me over my old logout file (and changed the redirect url)
and again the same error

Warning: Cannot send session cache limiter - headers already sent (output started at logout.php:1) in logout.php on line 2

i dont understand cos i havent sent any headers
i searched thru all of the files for the text 'header' and it came back blank so nowhere have i tried to send headers...

**Helge** · Oct 15, 2003 07:11

Hi.
Do not hav anything before the first <?php . Even a space will send a header/something to the browser.

-HELge

**Toly** · Oct 15, 2003 07:15

Yeah, you shouldn't leave any space after the <?php, I forgot to mention that.

**bazgow** · Oct 15, 2003 07:21

thats fantastic
it works great now

thanks for all of your help Toly / Helge
I know where to come in future for php asisstance, you guys are ace

cheers

hope you have a nice afternoon

Bazgow

**Toly** · Oct 15, 2003 07:21

Cool... Glad it worked.

**marylin77** · Oct 15, 2003 15:27

I have read all the article and it is very interesting, but i have a question :]
The same goal of managing users with php and mysql could have done without sessions...I mean...only checking the password and the userid in the database and then access the restricted areas.
Is it possible?
Am I wrong?
I don't get to see the usefulness of sessions...:[

**Toly** · Oct 15, 2003 16:18

The other way I know off would be with cookies but not everybody has their browser set to accept cookies.

**bazgow** · Oct 16, 2003 01:09

I did it with cookies before
I think one advantage/disadvantage! of sessions is that they time out. I also think they are stored where you want them to be which makes hacking them harder as they are not always in the same place. But as you say it is possible with cookies - when i did this b4 i used a logincheck at the top of all pages that required logging in-this matched the cookies to the database. I dont see what is wrong with this either except for the possibility of hacking...i could be well wrong tho!!

**Gaheris** · Oct 16, 2003 06:50

Um, sessions are made to time out.

Session are there to pass along data in a user session. If you're looking for a "stay-logged-in" feature then you need cookies.

**Toly** · Oct 16, 2003 08:08

Of course you could set up sessions to not timeout if you had access to the php.ini file.

**marylin77** · Oct 16, 2003 10:35

Originally Posted by Toly

The other way I know off would be with cookies but not everybody has their browser set to accept cookies.

Here, in http://es.php.net/session it is explained how session id is propagated.
In short:
There are two methods to propagate a session id:

Cookies

URL parameter

Does the article use cookies, doesn´t it?
Regards from Spain.

User Tag List

Thread: Managing Users With PHP Sessions & MYSQL

Thread Tools

Display

Managing Users With PHP Sessions & MYSQL

Bookmarks

Bookmarks

Posting Permissions