I'm debugging a infinite loop problem in PHP in my "logout" routine.
if($_SESSION)
{
session_unset();
session_destroy();
}
sleep(1);
header('7location: http://accounts.DOMAIN.com/');
exit;
in my main / initial.inc.php script i have :-
$sess=0;
$sess=$_SESSION['loggedin'];
foreach($_SESSION as $asw => $asd)
{
$logrep.="SESSW '$asw' '$asd'\n";
}
if($sess>0)
{
if($sess<$ty)
{
$logrep.="is timed out - logging out\n";
header('Location: http://accounts.DOMAIN.com/logout/');
exit;
Theres a bit more code which i've taken out - but in my 'logout' script Ive got DESTROY / UNSET etc -
but when it redirects to my inward script, my sessions STILL EXIST ? - & then it determines i'm timed out, & redirects to my logout routine.
QUERY: is there a fool-proof way to remove / eliminate ALL sessions ?
QUERY :-
$previous_name = session_name("NAME");
session_save_path("$directory");
session_start();
Is there a php.ini line i can use, to replace session_name so that all/any PHP scripts are using the same name ? (just in case there are some scripts not using the named session.)
EDIT :-
If i use
session_unset();
session_destroy();
will it destroy ALL sessions ? or just the currently-named one ? (I suspect some of my scripts aren't using the named session)
Ps - scripts are in different directories / subdomains.
EDIT 2 :-
Ive now chanmged my script to :-
$sess=0;
$logrep.="SESS NOW '$sess'\n";
$logrep.=var_dump( $sess=$_SESSION['loggedin']);
$logrep.="SESSNOW2 - '$sess'\n\n\n";
$text.="Logged in time $sess\n";
$logrep.="\nSESS = $sess\n";
$temp2=time();
$temp1=($sess-$temp2);
$logrep.="IFF SESS $sess > TIME $time - TEMP $temp1\n";
if($sess>0)
{
- redirect to log out routine ....
(some code removed)
RESULT :-
OLD SESS - '1391680203'
SESS NOW '0'
SESSNOW2 - '1391680203'
Apparently, my sessions are NOT being deleted / removed.
I would guess that your file 'initial.inc.php' is included in the top of every scripts.
On your logged out page, you have :
session_unset(); session_destroy();
At this stage, your session is destroyed. Then you do
header('location: http://accounts.DOMAIN.com/ ');
Which executes 'initial.inc.php';
I assume that you have at the start of initial.inc.php 'session_start();, because you have
$sess=$_SESSION['loggedin'];
And it doesn't seems it throws a warning because of the session being missing. So your session is re-created in your initial.inc.php file.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.