stackoom
  简体   繁体   中英

PHP sessions in HTACCESS - timeout

 原文  2014-02-06 07:25:41       php/ .htaccess/ session

Question

I'm debugging a infinite loop problem in PHP in my "logout" routine. 

if($_SESSION)
{
    session_unset();
    session_destroy();
}
sleep(1);
header('7location: http://accounts.DOMAIN.com/');
exit;

in my main / initial.inc.php script i have :- 

$sess=0;
$sess=$_SESSION['loggedin'];
foreach($_SESSION as $asw => $asd)
{
    $logrep.="SESSW '$asw' '$asd'\n";
}

if($sess>0)
{
    if($sess<$ty)
    {
        $logrep.="is timed out - logging out\n";
        header('Location: http://accounts.DOMAIN.com/logout/');
        exit;

Theres a bit more code which i've taken out - but in my 'logout' script Ive got DESTROY / UNSET etc -

but when it redirects to my inward script, my sessions STILL EXIST ? - & then it determines i'm timed out, & redirects to my logout routine.

QUERY: is there a fool-proof way to remove / eliminate ALL sessions ?

QUERY :- 

$previous_name = session_name("NAME");
session_save_path("$directory");
session_start();

Is there a php.ini line i can use, to replace session_name so that all/any PHP scripts are using the same name ? (just in case there are some scripts not using the named session.)

EDIT :-

If i use 

    session_unset();
    session_destroy();

will it destroy ALL sessions ? or just the currently-named one ? (I suspect some of my scripts aren't using the named session)

Ps - scripts are in different directories / subdomains.

EDIT 2 :-

Ive now chanmged my script to :- 

     $sess=0;
     $logrep.="SESS NOW '$sess'\n";
     $logrep.=var_dump( $sess=$_SESSION['loggedin']);
     $logrep.="SESSNOW2 - '$sess'\n\n\n";
     $text.="Logged in time $sess\n";
     $logrep.="\nSESS = $sess\n";
     $temp2=time();
     $temp1=($sess-$temp2);
     $logrep.="IFF SESS $sess > TIME $time - TEMP $temp1\n";
     if($sess>0)
     {
       - redirect to log out routine ....

(some code removed)

RESULT :- 

    OLD SESS - '1391680203'
    SESS NOW '0'
    SESSNOW2 - '1391680203'

Apparently, my sessions are NOT being deleted / removed.

1 answers

solution1
 0  2014-02-06 07:36:41

I would guess that your file 'initial.inc.php' is included in the top of every scripts.

On your logged out page, you have :

session_unset(); session_destroy();

At this stage, your session is destroyed. Then you do

header('location: http://accounts.DOMAIN.com/ ');

Which executes 'initial.inc.php';

I assume that you have at the start of initial.inc.php 'session_start();, because you have 

$sess=$_SESSION['loggedin'];

And it doesn't seems it throws a warning because of the session being missing. So your session is re-created in your initial.inc.php file.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question PHP Sessions , Timeout and tracking session timeout in php code and in htaccess? User authentication via sessions in PHP, is .htaccess necessary? Extending session timeout in PHP via the .htaccess timeout in php, is there any other way than using sessions? Php sessions don't work after htaccess rewriterule PHP Sessions disappear on htaccess redirect condition - In Chrome only PHP: Sessions inside sessions? Sessions in PHP 7 Sessions for PHP
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM