1

I have a PHP website I'm maintaining and I've confirmed that this worked at one point.

We have a website utilizing a login system which stores a logged in user's information in a $_SESSION['user'] variable. The site used to log out the user when clicking /logout.php which essentially removed that portion of the session, then header() redirected to the homepage.

As of recently, the /logout.php file with session_start() at the top somehow doesn't see the session information when print_r() is used to output it for debugging purposes.

If I go to another page, I see the session info just fine, but not on the logout page...which is exactly why I cannot remove the session info, because it's not accessible.

I thought $_SESSION was global on the site until the browser was closed. I've never had this happen and I know the session instance was started on this page, so it's weird that it's not showing me the session data.

Any ideas? I'm totally stumped on this one!

Code: /logout.php

<?
#session_start() is inside this file
require_once($_SERVER['DOCUMENT_ROOT'].'/includes/config.php');

unset($_SESSION['user']);
header("location: /");
exit();
?>

The checking of $_SESSION['user'] is site-wide and I call to various items below it when needed for different things. Someone else built this site and I'm trying to debug why it's not working for them all of a sudden.

Improve this question
2
  • FYI - I can see other environment variables on this logout.php page correctly like $_SERVER[] and others. I just cannot seem to access the $_SESSION[] variable for some reason. It's really weird. Commented Mar 2, 2010 at 2:12
  • could you provide the code used to session_start() (and around), as well as the code accessing $_SESSION['user'] for both working and non-working (logout.php) pages? Commented Mar 2, 2010 at 2:13

3 Answers 3

Reset to default
3

If the domain/subdomain is the same as the rest of the page, I would say this sounds like a typical session vs. output error. Make sure you have enabled all errors, and display them, as you might have printed output to the client before calling session_start(). This will break the function and making sessions unavailable.

To fix the problem(if it is the case), you should remove all output before session_start. Even a space before <?php will be considered output by Apache(and other). Also make sure you have disabled BOM(Byte Order Mark) in the document(any decent editor will let you change this, just look for something like "Current file setings").

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

2

Always remember the first line of your PHP code should be session_start(); and nothing else. If all your going to do is unset the session variables and destroy the session, Try removing the require_once($_SERVER['DOCUMENT_ROOT'].'/includes/config.php'); and add the session_start() and the session_destroy() at the end of the logout.php file and see if it works.

Improve this answer

Comments

0

Are you accessing logout.php from the same exact domain that you set the session to begin with (i.e. example.com vs. www.example.com/logout.php)

As for just unsetting specific session data, it would be best to call session_destroy() and then unset your cookies to kill the session.

Improve this answer

8 Comments

The session is used by other aspects of the website. Yes, I believe I'm still within the same domain. I hadn't thought about that, but I believe we're in the clear on that. The user profile area might be: domain.com/profile ...with logout being sent to /logout.php as... domain.com/logout.php So they're staying within the same domain root with https the entire time.
@Will Ashworth: Can you post your logout.php code in your question?
At this time, I only have this... <?php session_start(); print_r($_SESSION); print_r($_SERVER); exit(); ?> Mainly because I'm attempting to debug. I see the server output, but no $_SESSION info being output. If I migrate to another page with the same code, I see the details of the session as expected. Thanks for your help :)
Geez. Am I able to type code so it looks right instead of wrapping onto one line? LOL
@Will, yes, but only in questions and answers. the comment area isn't intended for complex structures. Try editing your original question and adding the code there (note, code should be indented by 4 spaces on each line)
|

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.