Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 14 of 14
  1. #1
    New Coder
    Join Date
    Nov 2005
    Posts
    85
    Thanks
    22
    Thanked 0 Times in 0 Posts

    Close a session and keep some of the session variables

    How do I close a session and destroy most of the session variables whilst retaining a few chosen ones for use on another page?

    This code works except for the following warning due to a second call on session_start(); - ‘session_start() [function.session-start]: Cannot send session cache limiter - headers already sent’

    Can I do it without the warning? Thanks.

    Code:
    if ( isset ( $_SESSION['keep1'] )) {
       $keep1 = $_SESSION['keep1'];
       }
       if ( isset ( $_SESSION['keep2'] )) {
       $keep2 = $_SESSION['keep2'];
       }
          
       $_SESSION = array();
       
       session_destroy();
       
       session_start();
    
       if ( isset ($keep1)) {
       $_SESSION['keep1'] = $keep1;
       }
       if ( isset ($keep2)) {
       $_SESSION['keep2'] = $keep2;
       }
    Last edited by Martins; 02-22-2012 at 12:45 PM.

  • #2
    New Coder
    Join Date
    Feb 2012
    Posts
    18
    Thanks
    0
    Thanked 1 Time in 1 Post
    You cannot start a session in the middle of your code. session_start() must be the first thing after your <?php tag.
    If you want to destroy some data from your session use unset function.
    PHP Code:
    unset($_SESSION['valueToBeDeleted']; 
    Regards
    Mahdi Eftekhari
    Last edited by Mahdi Eftekhari; 02-22-2012 at 01:48 PM.

  • #3
    God Emperor Fou-Lu's Avatar
    Join Date
    Sep 2002
    Location
    Saskatoon, Saskatchewan
    Posts
    16,987
    Thanks
    4
    Thanked 2,660 Times in 2,629 Posts
    You can destroy a session wherever you want since the cookie needs to be manually. You can't start a session if you have previous output though.
    Why destroy and recreate a session? Just unset what you don't need.

  • #4
    New Coder
    Join Date
    Nov 2005
    Posts
    85
    Thanks
    22
    Thanked 0 Times in 0 Posts
    Thanks Fou-Lu and Mahdi Eftekhari.

    The session variables are from a $_POST array created from a form so I would rather not address each variable individually.

    What's the difference between unset and destroy? Particularly from a security perspective.

  • #5
    New Coder
    Join Date
    Feb 2012
    Posts
    18
    Thanks
    0
    Thanked 1 Time in 1 Post
    when you destroy a session, your session is gone along with all the data stored in session. There is no session anymore (It may also delete cookies - Not sure on this one).
    When you unset a value in a session your value is gone but the session itself along with other values still exists and you can refer to them in other pages.
    Security wise it does not make any difference. You destroy or unset based on your coding requirement. Just keep in mind you can only start a session at the top of your code before anything sent to output.

  • #6
    New Coder
    Join Date
    Feb 2012
    Posts
    18
    Thanks
    0
    Thanked 1 Time in 1 Post
    Quote Originally Posted by Martins View Post
    The session variables are from a $_POST array created from a form so I would rather not address each variable individually.
    Can you store these variables in an array and then with a foreach loop unset them.

    Regards
    Mahdi Eftekhari

  • #7
    New Coder
    Join Date
    Feb 2012
    Posts
    18
    Thanks
    0
    Thanked 1 Time in 1 Post
    Forgot to mention, there is also a session_unset() function which keeps your session and frees all variables.
    This is not useful if you want to keep some of your variables in your session. Just thought it is worth mentioning

    Regards
    Mahdi Eftekhari

  • #8
    Regular Coder
    Join Date
    Apr 2004
    Posts
    298
    Thanks
    0
    Thanked 23 Times in 23 Posts
    Is there some VALID reason why you NEED to unset/destroy those select session variables? In other words, what will it hurt if you simply ignore them?

  • #9
    New Coder
    Join Date
    Nov 2005
    Posts
    85
    Thanks
    22
    Thanked 0 Times in 0 Posts
    Thanks for the feedback guys.

    The variables I want to destroy are collected during completion of a form and are only meant to be there until the form is completed successfully. I don't want them retained after that for security reasons.

    The variables I want to keep are already there from a previous page and reused so long as the browser remains open. The problem is that if the user visits the page with the form on it they are lost.

    I have come to the conclusion that this can't be done (without the warning) unless I unset the form variables individually (or via a loop) and even then if I run session_destroy() they are lost.

  • #10
    New Coder
    Join Date
    Feb 2012
    Posts
    18
    Thanks
    0
    Thanked 1 Time in 1 Post
    I really did not get you on your last post. You want to keep them or you want to destroy them? because session_destroy() will delete all your session variables and you will have absolutely nothing. It's the same with session_unset().
    But if you want to keep some then you have to unset() the ones you don't want to keep.

    Could you put the code for your form and php which processes the form and highlight what exactly you want to achieve. I am sure there is a way to solve your problem I just did not get you - sorry.

    Regards
    Mahdi Eftekhari

  • #11
    Senior Coder Rowsdower!'s Avatar
    Join Date
    Oct 2008
    Location
    Some say it's everything.
    Posts
    2,027
    Thanks
    5
    Thanked 397 Times in 390 Posts
    Remember that the $_SESSION variable can hold arrays and not just simple string/int/etc. values.

    If you put all $_POST array form data into, say, $_SESSION['form_data'] then it is in one single place that you can access it from. Then unsetting the form data requires no loop and no extra steps. Just unset($_SESSION['form_data']); and it all goes away in one swoop without marring any of your other session data.

    The only thing you have to do for this is change your existing script that handles your $_POST data vis-a-vis the $_SESSION variable. You will have to drill down one step further, so something previously like this:
    PHP Code:
    $first_name $_SESSION['form_first_name']; 
    will change to this:
    PHP Code:
    $first_name $_SESSION['form_data']['form_first_name']; 
    The object of opening the mind, as of opening the mouth, is to shut it again on something solid. –G.K. Chesterton
    See Mediocrity in its Infancy
    It's usually a good idea to start out with this at the VERY TOP of your CSS: * {border:0;margin:0;padding:0;}
    Seek and you shall find... basically:
    validate your markup | view your page cross-browser/cross-platform | free web tutorials | free hosting

  • Users who have thanked Rowsdower! for this post:

    Martins (02-22-2012)

  • #12
    New Coder
    Join Date
    Nov 2005
    Posts
    85
    Thanks
    22
    Thanked 0 Times in 0 Posts
    Thanks Rowsdower.

    I accept that this is the correct way to do it. I thought there might be an easier way.

    Problem is that I have to rewrite the script a fair bit because the variables are used to repopulate the form when necessary.

    For example, I amended this function to include 'form_data' as a new level and now have an error on the echo line
    - unexpected T_ENCAPSED_AND_WHITESPACE, expecting T_STRING or T_VARIABLE or T_NUM_STRING.

    PHP Code:
    function restore_text$_SESSION$name$control$session_name )
    {
       if(isset(
    $_SESSION['form_data'][$name])) {
          if(
    $control == $session_name ) {
          echo 
    "$_SESSION['form_data'][$name]";  
         }
       } 

    From a security perspective, I still would not be able to destroy the session. Maybe this doesn't matter?

    Cheers.

  • #13
    Senior Coder Rowsdower!'s Avatar
    Join Date
    Oct 2008
    Location
    Some say it's everything.
    Posts
    2,027
    Thanks
    5
    Thanked 397 Times in 390 Posts
    Remove the quotes around your echo'ed stuff in that code blurb and it will work out fine.
    The object of opening the mind, as of opening the mouth, is to shut it again on something solid. –G.K. Chesterton
    See Mediocrity in its Infancy
    It's usually a good idea to start out with this at the VERY TOP of your CSS: * {border:0;margin:0;padding:0;}
    Seek and you shall find... basically:
    validate your markup | view your page cross-browser/cross-platform | free web tutorials | free hosting

  • #14
    New Coder
    Join Date
    Nov 2005
    Posts
    85
    Thanks
    22
    Thanked 0 Times in 0 Posts
    Thank you.


  •  

    Tags for this Thread

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •