B Rad C B Rad C - 1 year ago 53
PHP Question

PHP $_SESSION variable will not unset

sorry for a repetitive question, I've seen a few of these on this forum but none of the responses worked for me...

I am building a basic login using php sessions, which I'm new at...

login.php validates html login form and begins a session, setting variables:


then each page that requires a valid login uses
require 'session.php';
which checks the
variable and redirects a user w/o proper login variable. The problem is when I logout neither session variable I've set will unset.

Right now my logout.php file uses about every method to destroy the variables that I've been able to find online and none will actually do it.

So whenever I log out, I can still access the 'private' pages.

Also note: I have tried it w/o a session name ex:
that didn't work so now I'm using

Also note: I am NOT using cookies.

Here are the files I mentioned:


$email=$_POST['email-log']; $pass=$_POST['password-log'];


{$i++; $path="users/".$i.".json";
$file= file_get_contents($path);
} while($x['email']!=$email);

if($hash != $truepass){$errors=$errors+1;}


header('Location: loginlanding.php');}

else{header('Location: front.php?error=y');}


session_start("user"); if($_SESSION['login'] !== "valid") {header('Location: front.php?needto=login');}


unset($_SESSION); unset($_SESSION['login']); unset($_SESSION['id']); session_unset("user"); $_SESSION=array(); session_destroy("user"); header('Location: front.php?logged=out');

Any and all responses are welcome and I thank you in advance, also note, I am new to logins in general so any advice to beef up security is welcome also. I'm planning on making it more secure, but first I need to get this basic functionality up and running.

Answer Source

You should never unset($_SESSION).

The easiest way to clear the $_SESSION variable is $_SESSION = Array();

However, you can also iterate with unset:

foreach(array_keys($_SESSION) as $k) unset($_SESSION[$k]);