Why isn't this session destroyed?

2
votes

I've this logout.php page that I use to logout from my PHP project.

<?php
session_start();

$conn4=mysqli_connect("localhost", "root", "", "winkcage");
$useronline=$_SESSION["unamsession"];
$queryseen="UPDATE signup SET seen='' WHERE username='$useronline'";
$queryseenrun=mysqli_query($conn4, $queryseen);
session_destroy();
session_unset();
header('Location: login.php');
?>

[Both in Firefox and Chrome]: When I click logout button, the page is redirected to login.php, but when I load the home page again in different tab (which should open only when the session is not destroyed), it loads instead of redirecting to login.php (this would be my index page).

I don't know what's wrong with this code. Does writing session_destroy() before session_unset() make any difference? How do I fix it?

[Only with Chrome, in Firefox it's okay]: When I close the Firefox, the session is automatically destroyed, which is obvious, but it's not with Chrome. Chrome isn't destroying it. How's it possible? I've checked my code thoroughlly but I didn't find any code line related to cookie.

Another problem is that when I'm logged in for a few minutes (I guess 20-30), the session is automatically destroyed. Is it possible that I have written some code by mistake for this? Or is it default?

2
phpsession
Do you use session cookies? If yes - you must delete those too. Like setcookie("YourCookie", "", time() - 3600);bugnumber9
I don't remember even if I've written it because I'm working on it for last 1 month. But chances are very less. I've mainly 2 pages in this project. 1 is login, 2nd is home. Where can I find it if it is written?cybrain
Chrome Dev Tools -> Resources -> Cookiesbugnumber9

2 Answers

1
votes

not sure if you are using cookie or not but i think this will solve it ....

$queryseenrun=mysqli_query($conn4, $queryseen);
session_unset();
    $_SESSION = array();
    // get session parameters 
    $params = session_get_cookie_params();
    //delete the actual cppkie
    setcookie(session_name(),'', time() - 42000, $params["path"], $params["domain"], $params["secure"], $params["httponly"]);
    // Destroy session 
    session_destroy();
    //redirect to the index.php
    header("Location: login.php");
    exit();
1
votes

From http://php.net/manual/en/function.session-unset.php

Session unset simply clears the session for use but it is not destroyed, it is still on the user's computer.

Try the following:

session_start();  
session_destroy();  
$_SESSION = array();  
header('Location: index.php');