Not getting logged out

PHP
1

So, in my index.php where I have most of my HTML code, I have mentioned right at the top the following:

<?php
session_start();
?>

And when a user clicks on logout button, I am directing them to the logout.php page which contains the following:

<?php
session_start();
if(session_destroy())
{

header("Location: index.php");
}
?>
//echo 'You have been logged out.<a href="/">Go Back</a> ';

However, it doesn’t seem to logging out the user. The above script just takes me to the index.php page with user already logged in. Please let me know what’s wrong I am doing?

2

You must add something like this:

if(isset($_POST['name_of_button'])){
     session_destroy();
     header("Location: index.php");

}
3

Hi @liontas76

I have something like this for Logout in my HTML

<li><a title="Logout" name ="logoutOption" href="logout.php"><i class="fa fa-user whiteIcon"></i>&nbsp;&nbsp;<span id="userName"><?php echo($_SERVER["REMOTE_USER"])?> </span></a></li>

Is it a correct way to specify the name as I have done above? Thanks

4

I recently had a bit of trouble with SESSIONs for a localhost script I wrote for my own personal use where SESSION arrays weren’t being emptied until a page refresh.
* read - not secure for production use on a live site

This is what I came up with that “works”

<?php
session_start();
 ⋮
if  ( ($_SERVER['REQUEST_METHOD'] === "GET") 
    && isset($_GET['clear']) )  {
if (ini_get("session.use_cookies")) {
    $params = session_get_cookie_params();
    setcookie(session_name(), '', time() - 42000,
        $params["path"], $params["domain"],
        $params["secure"], $params["httponly"]
    );
}
  session_destroy();
  header('Location: http://localhost/random-localhost-member.php');
  exit;
}

I can’t stress strongly enough if you use this, put better validation and sanitation checks in.

5

Jack
The problem is that when you click the link you must have 2 things
The first thing is to destroy the session
The second to redirect to index.php.

So you must use isset to do this (my opinion).
The isset() function returns a Boolean value.

So i recommended to use submit button or if you want to have herf you must use something like this:

<li><a title="Logout" name ="logoutOption" href="logout.php?pageSet=true"><i class="fa fa-user whiteIcon"></i>&nbsp;&nbsp;<span id="userName"><?php echo($_SERVER["REMOTE_USER"])?> </span></a></li>

and then

if (isset($_GET['pageSet']))
{

session_destroy();
     header("Location: index.php");
}
6

Hi @liontas76

Thanks again. I did the following in my logout.php page after changing the li tag as you mentioned but it didn’t seem to make any difference:


<?php
session_start();
if (isset($_GET['pageSet']))
{

session_destroy();
     header("Location: index.php");
}


//if(session_destroy())
//{

//header("Location: index.php");
//}
?>
//echo 'You have been logged out.<a href="/">Go Back</a> ';
8

I have seen problems with destroying sessions like this in logout. It may help to explicitly empty the session array.

$_SESSION = array(); // empty array
session_destroy();
9

Thanks. You mean, instead of

<?php
session_start();
if (isset($_GET['pageSet']))
{

session_destroy();
     header("Location: /");
}
?>

I should try changing it to following?

<?php
session_start();
$_SESSION = array(); // empty array
session_destroy();
?>
10

This topic was automatically closed 91 days after the last reply. New replies are no longer allowed.