log out function not working (session not killed)

function killsession()
{
  //  global $_SESSION;
    $_SESSION = array();
    if (session_id() != "" || isset($_COOKIE[session_name()])) {
        setcookie(session_name(), '', time() - 42000, '/');
    }
    session_unset();
    session_destroy();
    header("Location: index");

}

Any ideas why $_SESSION['userid'] still stands after I run this function? I literally stay logged in.

Session name and start() are set at the top of every page.

Answers


As found on the PHP session_destroy() manual:

session_destroy() destroys all of the data associated with the current session. It does not unset any of the global variables associated with the session, or unset the session cookie. To use the session variables again, session_start() has to be called.

In order to kill the session altogether, like to log the user out, the session id must also be unset. If a cookie is used to propagate the session id (default behavior), then the session cookie must be deleted. setcookie() may be used for that.

Example directly from PHP Manual:

<?php
// Initialize the session.
// If you are using session_name("something"), don't forget it now!
session_start();

// Unset all of the session variables.
$_SESSION = array();

// If it's desired to kill the session, also delete the session cookie.
// Note: This will destroy the session, and not just the session data!
if (ini_get("session.use_cookies")) {
    $params = session_get_cookie_params();
    setcookie(session_name(), '', time() - 42000,
        $params["path"], $params["domain"],
        $params["secure"], $params["httponly"]
    );
}

// Finally, destroy the session.
session_destroy();
?>

Applying this example to your function:

function killsession()
{
  // Start the session; comment this line out if it was already started
  session_start();

  // Unset all of the session variables. 
  $_SESSION = array();

  // destroy the session, and not just the session data!
  if (ini_get("session.use_cookies")) {
    $params = session_get_cookie_params();
    setcookie(session_name(), '', time() - 42000,
        $params["path"], $params["domain"],
        $params["secure"], $params["httponly"]
    );
  }

  // destroy the session.
  session_destroy();

  // direct user
  header("Location: index.php");
}

Consider these two session variables:

$_SESSION['userid']=25;
$_SESSION['userName']='Super BuBu';

The output of print_r($_SESSION); will be:

Array ( [userid] => 25 [userName] => Super BuBu )

After calling the killsession() function, the output will be:

Array ( );

See this working example. Errors are supposed to appear in this environment due to previous outputs and headers being performed by the print_r and session interactions.
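
The behaviour quoted from the manual above can be checked from the command line. The script below is an added example, not part of the original answer or the PHP manual; the demo_* function names and the sample userid are constructed for illustration, and it assumes the default file-based session handler.

```php
<?php
// Added demo with constructed values; run from the CLI: php logout_check.php
// Nothing is printed until the last line, because session_start() will not
// run once output has begun.
ini_set('session.save_path', sys_get_temp_dir());

// Simulate a logged-in request and return its session id.
function demo_login(): string
{
    session_start();
    $_SESSION['userid'] = 25;   // constructed sample value
    $id = session_id();
    session_write_close();      // persist the data and end the "request"
    return $id;
}

// Simulate a later request presenting the same id, as a kept cookie would.
function demo_replay(string $id): ?int
{
    session_id($id);
    session_start();
    $userid = $_SESSION['userid'] ?? null;
    session_write_close();
    return $userid;
}

// Logout steps from the manual; $clearGlobals toggles the $_SESSION reset.
function demo_logout(string $id, bool $clearGlobals): array
{
    session_id($id);
    session_start();
    if ($clearGlobals) {
        $_SESSION = array();
    }
    if (ini_get('session.use_cookies')) {
        $params = session_get_cookie_params();
        setcookie(session_name(), '', time() - 42000,
            $params['path'], $params['domain'],
            $params['secure'], $params['httponly']);
    }
    session_destroy();
    return $_SESSION;           // in-memory copy left in this request
}

$id       = demo_login();
$before   = demo_replay($id);          // value stored for this id before logout
$inMemory = demo_logout($id, false);   // destroy without clearing $_SESSION
$after    = demo_replay($id);          // same id presented after logout
var_export(compact('before', 'inMemory', 'after'));
```

Here `inMemory` is what the rest of the same request still sees when `$_SESSION` is not reset, and `after` is what a later request presenting the same session id reads back from storage.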


Try just

 function killsession() {
     unset($_SESSION['userid']);
     session_destroy();
     header("Location: index");

 }
