Is there a way to see what is stored in the variables in my SESSION?
I have Firebug, but can’t find a way to view the Session data?!
I also tried looking in FireFox’s Web Developer Toolbar, but no luck?! :-/
Thanks,
Debbie
Sessions are stored server side. So you would have to make a script that outputs them to the browser to see them.
Typically print_r the $_SESSION i guess?
This seems to work…
session_start();
echo '<p>' . print_r($_SESSION) . '</p>';
…although it would be nicer if I could use a tool like FireBug.
Thanks,
Debbie
Can you help me figure out what is wrong with my Log-Out script?
Here it is…
<?php //Build Date: 2011-12-25
// Initialize a session.
session_start();
// Access Constants
require_once('../config/config.inc.php');
// Log Out User.
$_SESSION['loggedIn'] = FALSE;
// Redirect User.
if (isset($_SESSION['returnToPage'])){
header("Location: " . BASE_URL . $_SESSION['returnToPage']);
}else{
// Take user to Home Page.
header("Location: " . BASE_URL . "index.php");
}
session_unset();
session_destroy();
$_SESSION = array();
// Erase Session Cookie Contents.
// setcookie(session_id(), "", time() - 3600);
setcookie("PHPSESSID", "", time() - 3600);
// End script.
exit();
?>
When I log in I see something like this…
print_r(\\$_SESSION) =
Array
(
[returnToPage] => //index.php
[memberID] => 24
[memberFirstName] => Debbie
[loggedIn] => 1
)
print_r(\\$_COOKIE) =
Array
(
[PHPSESSID] => 4bf54ca2d5b134ea841bab146ba22965
)
And after I log out, I still see this…
print_r(\\$_SESSION) =
Array
(
[returnToPage] => //pages/interview_index.php
)
print_r(\\$_COOKIE) =
Array
(
[PHPSESSID] => 4bf54ca2d5b134ea841bab146ba22965
)
And even if I close the browser window and then go back in, I still see this…
print_r(\\$_SESSION) =
Array
(
[returnToPage] => //pages/interview_index.php
)
print_r(\\$_COOKIE) =
Array
(
[PHPSESSID] => 4bf54ca2d5b134ea841bab146ba22965
)
The logging in/logging out seems to be working (e.g. “Welcome, Debbie!!” appears at the correct times), but this whole Session/Cookie thing is driving me crazy?! :headbang:
Debbie
You unset the session, then destroy it,finally access it and set it to an empty array, after destroying it?
Try putting destroy last?
For deleting the cookie, try an if statement to see if it returns false?
Ideal user can not saw the session’s value on their browser sine, Sessions are stored server side.
However, you would have to make a script as mentioned below and upload the same file on the server to outputs them to the browser to see them.
<?php session_start();
echo ‘<pre>’;
print_r($_SESSION);
echo ‘</pre>’;?>
It’s because you redirecting user to a new location before unsetting the session.
Also session_unset() is unnecessary in your case since you calling session_destroy()
And lastly, you absolutely do not see to manually send out session cookie,
so remove this line
setcookie(“PHPSESSID”, “”, time() - 3600);
it’s not really a source of problem but it’s totally unnecessary and actually could be a problem in some cases.
Looks like I was wrong about sending out cookie. Documentation on php.net has an example of how to logout a user and they do manually send a cookie.
Example is here http://us3.php.net/session_destroy
I personally don’t manually send out the session cookie because what’s the harm of user still having a cookie is there is nothing in the $_SESSION for their session id.
Ultra1 likely nails your problem.
In future write and explicit exit() after doing a header redirect, it is best practice in any case, plus it is absolutely obvious to anyone reading the script (including you 
) what is going on.
$loc = "index.php"; // seems to be the default destiny, so set it here
if (isset($_SESSION['returnToPage'])){
$loc = $_SESSION['returnToPage'];
}
header("Location: " . BASE_URL . $loc);
exit();
Maybe that simplifies the if/else code for you, its up to you, just an alternative view.
Just to say, many will bother to log out in any case.
Cups and Ultra1,
Nothing personal, but there was a breakdown in English there!! 
Is this what you guys wanted me to do…
<?php //Build Date: 2011-12-29
// Initialize a session.
session_start();
// Access Constants
require_once('../config/config.inc.php');
// Log Out User.
$_SESSION['loggedIn'] = FALSE;
// Redirect User.
if (isset($_SESSION['returnToPage'])){
$returnToPage = $_SESSION['returnToPage'];
}else{
$returnToPage = "index.php";
}
session_unset();
session_destroy();
$_SESSION = array();
// Erase Session Cookie Contents.
setcookie("PHPSESSID", "", time() - 3600);
header("Location: " . BASE_URL . $returnToPage);
// End script.
exit();
?>
Debbie
Looks good now. Have you tried it? Have it solved your issue? Again, I think calling session_unset() before session_destroy() is unnecessary, just an extra function call, so commenting it out and see if your code works the same, if it does then remove unnecessary function.
Also it’s better not to hard code the cookie name “PHPSESSID”, instead replace it with session_name()
This is how they recommend doing it on official php documentation:
if (ini_get(“session.use_cookies”)) {
$params = session_get_cookie_params();
setcookie(session_name(), ‘’, time() - 42000,
$params[“path”], $params[“domain”],
$params[“secure”], $params[“httponly”]
);
}
Logging out works as far as my site is concerned, however the problem of a Session Cookie (with a Session ID) remaining after “Log Out” still exists?!
Debbie
Does your landing page (the one you redirect to after logging out) reinitialise a PHP session? If so, that’s where the new session cookie is coming from.
Before I answer that…
I am on a MacBook running MAMP.
Anyway to find out where my Session Cookies are being stored so I can physically see if they are there and if so what is inside of each?
Debbie
Look in your php.ini file, that should tell you where they go, if not they may default to some temp folder on macs, not sure.
Start a new session, go to the folder, select last updated file and click to edit it in your fave text editor.
On opening you’ll see a text file which is a human-readable serialized array of values.
In Applications/MAMP/tmp/php I see Session files, but I don’t believe those are Session Cookies…
This whole “Where is the Session Cookie” and “Is the Session Cookie being cleaned out and/or erased” is driving me nuts?! :headbang:
I hate to say it, but back in the old days it was so much easier to find Cookies on my Windows pc and use them to figure out what was going on with my code.
Debbie
The location of your cookies is determined by your browser, it generates/persists them.
I looked in Library/Firefox/Profiles/xxxxx.default/
And I see…
cookies.sqlite
cookies.sqlite-shm
cookies.sqlite-wal
I tried opening the first one up in TextWrangler but the file contents are pretty nonsensical.
I also tried searching for “PHPSESSID”, but couldn’t find any such named files… :-/
Debbie
SORRY, you are looking for cookies not the session files. I misread your post.
Mostly I install a browser-specific cookie reader which lives on my browsers status bar.