I have a PHP website I'm maintaining and I've confirmed that this worked at one point.

We have a website utilizing a login system which stores a logged in user's information in a $_SESSION['user'] variable. The site used to log out the user when clicking /logout.php which essentially removed that portion of the session, then header() redirected to the homepage.

As of recently, the /logout.php file with session_start() at the top somehow doesn't see the session information when print_r() is used to output it for debugging purposes.

If I go to another page, I see the session info just fine, but not on the logout page...which is exactly why I cannot remove the session info, because it's not accessible.

I thought $_SESSION was global on the site until the browser was closed. I've never had this happen and I know the session instance was started on this page, so it's weird that it's not showing me the session data.

Any ideas? I'm totally stumped on this one!

Code: /logout.php

    <?
    # session_start() is inside this file
    require_once($_SERVER['DOCUMENT_ROOT'].'/includes/config.php');

    unset($_SESSION['user']);
    header("location: /");
    exit();
    ?>

The checking of $_SESSION['user'] is site-wide and I call to various items below it when needed for different things. Someone else built this site and I'm trying to debug why it's not working for them all of a sudden.

A: 

Are you accessing logout.php from the same exact domain that you set the session to begin with (i.e. example.com vs. www.example.com/logout.php)?

As for just unsetting specific session data, it would be best to call session_destroy() and then unset your cookies to kill the session.

jasonbar
The session is used by other aspects of the website. Yes, I believe I'm still within the same domain. I hadn't thought about that, but I believe we're in the clear on that. The user profile area might be: https://www.domain.com/profile/... with logout being sent to /logout.php as... https://www.domain.com/logout.php So they're staying within the same domain root with https the entire time.
Will Ashworth
@Will Ashworth: Can you post your logout.php code in your question?
jasonbar
At this time, I only have this... `<?php session_start(); print_r($_SESSION); print_r($_SERVER); exit(); ?>` Mainly because I'm attempting to debug. I see the server output, but no $_SESSION info being output. If I migrate to another page with the same code, I see the details of the session as expected. Thanks for your help :)
Will Ashworth
Geez. Am I able to type code so it looks right instead of wrapping onto one line? LOL
Will Ashworth
@Will, yes, but only in questions and answers. The comment area isn't intended for complex structures. Try editing your original question and adding the code there (note, code should be indented by 4 spaces on each line).
Jonathan Fingland
Thanks. Now I'll know to share the code in the original next time.
Will Ashworth
Still nothing. Any ideas are welcome :(
Will Ashworth
@Will Ashworth: Are you using the same require/include on all of your pages? What happens if instead of that include you just do `session_start()` in the logout script?
jasonbar
I tried that as well. No luck. The only things in there are... `session_start(); print_r($_SESSION); exit();`
Will Ashworth
+1  A: 

If the domain/subdomain is the same as the rest of the page, I would say this sounds like a typical session vs. output error. Make sure you have enabled all errors, and display them, as you might have printed output to the client before calling session_start(). This will break the function and make sessions unavailable.

To fix the problem (if it is the case), you should remove all output before session_start. Even a space before <?php will be considered output by Apache (and others). Also make sure you have disabled BOM (Byte Order Mark) in the document (any decent editor will let you change this, just look for something like "Current file settings").

tdolsen
A: 

Always remember the first line of your PHP code should be session_start(); and nothing else. If all you're going to do is unset the session variables and destroy the session, try removing the require_once($_SERVER['DOCUMENT_ROOT'].'/includes/config.php'); and add the session_start() and the session_destroy() at the end of the logout.php file and see if it works.

Joey Ezekiel
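
Added example, not code from the question or from any answer above: a logout.php that combines the checks the answers suggest (no output before session_start(), session_destroy(), expiring the session cookie) and logs enough to tell a missing cookie from an empty session. It assumes PHP 7.3 or later and calls session_start() directly instead of going through the site's config.php; the log wording is illustrative.

```php
<?php
// Added example. No bytes (whitespace, BOM) may precede the opening tag above.

// If anything was already sent, session_start() cannot handle the session
// cookie properly. Report where the output came from instead of failing silently.
if (headers_sent($file, $line)) {
    error_log("logout: output already started at {$file}:{$line}");
    exit('Logout failed; see the server error log.');
}

session_start();

// Debug aid: log a short hash of the session ID, never the ID itself.
// Compare it with the value logged on a page where the session works.
// A different hash means the browser sent a different (or no) session cookie
// for this URL (host, path or Secure-flag mismatch), not that data was lost.
$tag = substr(hash('sha256', session_id()), 0, 8);
error_log("logout: session {$tag}, keys: " . implode(',', array_keys($_SESSION)));

// Drop all server-side session data for this request.
// To keep unrelated session data, use unset($_SESSION['user']) and
// session_regenerate_id(true) instead of the destroy sequence below.
$_SESSION = [];

// Expire the session cookie with the same attributes it was set with,
// otherwise the browser treats it as a different cookie and keeps the old one.
if (ini_get('session.use_cookies')) {
    $p = session_get_cookie_params();
    setcookie(session_name(), '', [
        'expires'  => time() - 42000,
        'path'     => $p['path'],
        'domain'   => $p['domain'],
        'secure'   => $p['secure'],
        'httponly' => $p['httponly'],
        'samesite' => $p['samesite'] ?: 'Lax',
    ]);
}

// Remove the session record from the server-side store.
session_destroy();

header('Location: /');
exit;
```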