Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 2 of 2
  1. #1
    New Coder
    Join Date
    Jan 2011
    Posts
    42
    Thanks
    5
    Thanked 0 Times in 0 Posts

    clearing session variables

    I'm trying to set up a time out so the user is logged out after a certain period of inactivity.

    However I'm getting a redirect loop error when the user is timed out, I've concluded this can only be because the $_SESSION['last_activity'] variable is still set after the user is logged out.

    So how do I clear the session?? I've included the code I'm using below, it looks good to me but isn't working..

    index.php
    PHP Code:
    <?php
    ob_start
    ();
    session_start();
    // store the current time
    $session_now time();
    // get the time the session should have expired
    $session_limit $session_now 60 20;
    // check the time of the last activity
    if (isset($_SESSION['last_activity']) && $_SESSION['last_activity'] < $session_limit) {
      
    // if too old, redirect
      
    $url BASE_URL 'logout.php'// Define the URL.
      
    header("Location: $url");
      exit();
    } else {
      
    // otherwise, set the value to the current time
      
    $_SESSION['last_activity'] = $session_now;
    }
    ?>
    logout.php
    PHP Code:
    <?php 
    // Logs out the logged in user and redirects to them to index.php
    require_once ('includes/config.inc.php');
    $page_title 'Login';

    $url BASE_URL 'index.php'// Define the URL.

    // If no user_id session variable exists, redirect the user:
    if(!isset($_SESSION['user_id'])) {
        
    $url BASE_URL 'index.php'// Define the URL.
        
    ob_end_clean();
        
    header("Location: $url");
        exit(); 
    // Quit the script.
    } else { // Log out the user.
        
    $_SESSION = array(); // Destroy the variables.
        
    session_destroy(); // Destroy the session.
        
    setcookie(session_name(), ''time()-300); // Replace the session cookie
        
    ob_end_clean();
        
    header("Location: $url");
        exit(); 
    // Quit the script.
    }
    ?>

  • #2
    Senior Coder
    Join Date
    Feb 2011
    Location
    Your Monitor
    Posts
    4,344
    Thanks
    60
    Thanked 527 Times in 514 Posts
    Blog Entries
    4
    I read somewhere that session destroy doesn't clear the session variables so you're best looping through the session array and setting everything to null.

    No idea what the point of session_destroy is when it doesn't destroy though..

    Something like this will kill your session completely:
    PHP Code:
    foreach($_SESSION as $Key => $Value)
       {
       
    $_SESSION[$Key] = null;
       unset(
    $_SESSION[$Key]);
       } 
    The session file will still exist but the its content will be void.
    Last edited by tangoforce; 07-26-2011 at 01:46 PM.
    See my new CodingForums Blog: http://www.codingforums.com/blogs/tangoforce/

    Many useful explanations and tips including: Cannot modify headers - already sent, The IE if (isset($_POST['submit'])) bug explained, unexpected T_CONSTANT_ENCAPSED_STRING, debugging tips and much more!


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •