PHP session destroy Trying to destroy uninitialized session

0
votes

I've read several topics like:

Error — session_destroy() — Trying to destroy uninitialized session, Warning: session_destroy(): Trying to destroy uninitialized session, Warning: session_destroy(): Trying to destroy uninitialized session with phpCas

And none of them help me.

public function forbidden(){
    if(!isset($_SESSION)){ session_start(); }

    if(!isset($_SESSION['email']) || !isset($_SESSION['id'])){
        $this->error_404();
    }else{

        if(!isset($_COOKIE['data'])){
            session_destroy();
            $this->error_404();
        }

        if($_COOKIE['data'] != sha1($_SESSION['email'])){
            session_destroy();
            unset($_COOKIE["data"]);
            setcookie("data", false, time() - 3600, '/');
            $this->error_404();
        }
    }
}

Warning: session_destroy() [function.session-destroy]: Trying to destroy uninitialized session

I do receive that error on the second session_destroy();, the session is initialized so I don't get it?

3
phpsession

3 Answers

0
votes

Read This Answers of this question on stackoverflow
why session destroy not working
put this code in first and End of Your php File

<?php
ob_start();
?>
Your Code Here...
<?php
ob_flush();
?>


Your calling session_destroy() twice.
Or Removed All Sessions on server...

0
votes

The problem is that you call session destroy twice. If $_COOKIE['data'] is not set, then $_COOKIE['data'] != sha1($_SESSION['email']) will return false as well and it will try to destroy the session again.

    if(!isset($_COOKIE['data'])){
        session_destroy();
        $this->error_404();
    }

    if($_COOKIE['data'] != sha1($_SESSION['email'])){
        session_destroy();
        unset($_COOKIE["data"]);
        setcookie("data", false, time() - 3600, '/');
        $this->error_404();
    }

Make the checks on in another

     if($_COOKIE['data'] != sha1($_SESSION['email'])){
        if(!isset($_COOKIE['data'])){
        session_destroy();
        $this->error_404();
        }
        else
        {
        unset($_COOKIE["data"]);
        setcookie("data", false, time() - 3600, '/');
        session_destroy();
        $this->error_404();
        }
    }

If the cookie data is not valid, it may be because there is no cookie. This way, if it's not valid, it checks if it exists. If it does exist and it's not valid, it does something. If it doesn't, it does something else.

0
votes

You're calling session_destroy() twice.

If your cookie isn't set, then it won't equal $_SESSION['email'] will it?

Change your code to:

public function forbidden(){
    if(!isset($_SESSION)){ session_start(); }

    if(!isset($_SESSION['email']) || !isset($_SESSION['id'])){
        $this->error_404();
    }else{

        if(!isset($_COOKIE['data'])){
            session_destroy();
            $this->error_404();
        } elseif($_COOKIE['data'] != sha1($_SESSION['email'])){
            session_destroy();
            unset($_COOKIE["data"]);
            setcookie("data", false, time() - 3600, '/');
            $this->error_404();
        }
    }
}