Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 2 of 2
  1. #1
    New Coder
    Join Date
    Jan 2011
    Posts
    42
    Thanks
    5
    Thanked 0 Times in 0 Posts

    clearing session variables

    I'm trying to set up a time out so the user is logged out after a certain period of inactivity.

    However I'm getting a redirect loop error when the user is timed out, I've concluded this can only be because the $_SESSION['last_activity'] variable is still set after the user is logged out.

    So how do I clear the session?? I've included the code I'm using below, it looks good to me but isn't working..

    index.php
    PHP Code:
    <?php
    ob_start
    ();
    session_start();
    // store the current time
    $session_now time();
    // get the time the session should have expired
    $session_limit $session_now 60 20;
    // check the time of the last activity
    if (isset($_SESSION['last_activity']) && $_SESSION['last_activity'] < $session_limit) {
      
    // if too old, redirect
      
    $url BASE_URL 'logout.php'// Define the URL.
      
    header("Location: $url");
      exit();
    } else {
      
    // otherwise, set the value to the current time
      
    $_SESSION['last_activity'] = $session_now;
    }
    ?>
    logout.php
    PHP Code:
    <?php 
    // Logs out the logged in user and redirects to them to index.php
    require_once ('includes/config.inc.php');
    $page_title 'Login';

    $url BASE_URL 'index.php'// Define the URL.

    // If no user_id session variable exists, redirect the user:
    if(!isset($_SESSION['user_id'])) {
        
    $url BASE_URL 'index.php'// Define the URL.
        
    ob_end_clean();
        
    header("Location: $url");
        exit(); 
    // Quit the script.
    } else { // Log out the user.
        
    $_SESSION = array(); // Destroy the variables.
        
    session_destroy(); // Destroy the session.
        
    setcookie(session_name(), ''time()-300); // Replace the session cookie
        
    ob_end_clean();
        
    header("Location: $url");
        exit(); 
    // Quit the script.
    }
    ?>

  2. #2
    Master Coder
    Join Date
    Feb 2011
    Location
    Your Monitor
    Posts
    5,151
    Thanks
    111
    Thanked 607 Times in 593 Posts
    I read somewhere that session destroy doesn't clear the session variables so you're best looping through the session array and setting everything to null.

    No idea what the point of session_destroy is when it doesn't destroy though..

    Something like this will kill your session completely:
    PHP Code:
    foreach($_SESSION as $Key => $Value)
       {
       
    $_SESSION[$Key] = null;
       unset(
    $_SESSION[$Key]);
       } 
    The session file will still exist but the its content will be void.
    Last edited by tangoforce; 07-26-2011 at 01:46 PM.
    Quote Originally Posted by deathshadow View Post
    So seriously, loosen up that tie, let out the belt, and try relating to normal people on the street instead of the gentleman's club crowd.


 

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •