Why session is not destroyed, after i destroy it in my logout.php page?

0
votes

I have started session (session_start()) in file which is included in all pages. My link for logout.php is in this file, i ll post code for included file later, also code for my logout.php page.

After i logout, its all ok, but if i click more then 2-3 times on my admin button (which should be active only if $_session['user1'] and $_session['pass'] r correct) i proceed to admin.php page (after i destroyed session o.O);

Part of my included file to all pages:

<?php
session_start();

    if ((!isset($_SESSION['user1']))&&(!isset($_SESSION['pass1'])))  {
            echo "<li><a href='login.php'>Admin</a></li>";
    } 
    else {
            echo "<li><a href='Admin.php'>Admin</a></li>";
    };

?>

logout page:

<?php
session_start();
unset ($_SESSION['user1'],$k);
unset ($_SESSION['pass'],$p);
session_destroy();
header('Location:Naslovna.php');
exit();
?>
2
phpsession
Is exit() necessary?Kirk Powell
well, i think that exit() should be after header... so the rest of the code dont execute, but in this case i think its not necessary.zlajapn

2 Answers

0
votes

As per the documentation:

session_destroy() destroys all of the data associated with the current session. It does not unset any of the global variables associated with the session, or unset the session cookie. To use the session variables again, session_start() has to be called.

If you want to truly destroy the session, you have to unset the session cookie yourself.

0
votes

I had this problem recently, solved it with this:

unset($user1,$pass);
session_unset();
session_destroy();
header('Location: ../index.php');