  1. #1
    Join Date
    Aug 2003
    Location
    Walsall - UK
    Posts
    177

    The correct way to use sessions?

    I'm completely stuck..

    I'm getting the following error when I'm attempting to destroy a session (logging out):

    Warning: session_destroy(): Trying to destroy uninitialized session in \\nas34ent\domains\i\inspyral.com\user\htdocs\osrt\logout2.php on line 3
    Here is the process I'm going through...

    I login:

    Page: login.php
    PHP Code:
    <?

    session_start();  // Start Session

    $dbhost = 'zzzz';
    $dbusername = 'zzzz';
    $dbpasswd = 'zzzz';
    $database_name = 'zzzz';

    $connection = mysql_connect($dbhost, $dbusername, $dbpasswd)
        or die(mysql_error());

    $db = mysql_select_db($database_name, $connection)
        or die(mysql_error());

    $username = $_POST['username'];
    $password = $_POST['password'];

    if ((!$username) || (!$password)) {

        $msg = "You did not enter a username and password, please try again. <a href='javascript:history.back()'>Click Here</a>";

        include("top.php");
        $p = "blank";
        include("$p" . ".php");
        include("bottom.php");

        exit();

    } else {

        // escape the POSTed values before they are placed inside the SQL string
        $safe_username = mysql_real_escape_string($username, $connection);
        $safe_password = mysql_real_escape_string($password, $connection);

        // check if the user info validates the db
        $sql = mysql_query("SELECT * FROM users WHERE username='$safe_username' AND password=('$safe_password')");
        $login_check = mysql_num_rows($sql);

        if ($login_check > 0) {
            while ($row = mysql_fetch_array($sql)) {
                // copy every column of the row into a variable of the same name
                foreach ($row AS $key => $val) {
                    $$key = stripslashes($val);
                }

                // Register some session variables!
                session_register('username');
                $_SESSION['username'] = $username;

                setcookie("auth", "$user_id", time() + 60000, "/osrt", "inspyral.com", 0);

                header("Location: loggedin.php");
            }

        } else {

            include("top.php");
            $p = "blank";
            $msg = "Your login details are incorrect, please try again. <a href='javascript:history.back()'>Click Here</a>";
            include("$p" . ".php");
            include("bottom.php");

            exit();
        }
    }
    ?><? mysql_close(); ?>

    It then goes to the loggedin.php page...

    Page: loggedin.php

    PHP Code:
    <?

    session_start();  // Start Session

    include('top.php');

    ?>

    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
    <html xmlns="http://www.w3.org/1999/xhtml">
    <head>
    <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
    <title>Untitled Document</title>
    <style type="text/css">
    <!--
    .style2 {
        font-family: Arial, Helvetica, sans-serif;
        font-weight: bold;
        font-size: 10pt;
    }
    .style3 {
        font-family: Arial, Helvetica, sans-serif;
        font-size: 10pt;
    }
    -->
    </style></head>

    <body>
    <table width="100%" border="0" cellspacing="5" cellpadding="9">
      <tr>
        <td><span class="style2">Online Service Revenue Tracker. </span></td>
      </tr>
      <tr>
        <td><p class="style3">You are now logged in!</p>
        <p class="style3">&nbsp;</p></td>
      </tr>
    </table>
    </body>
    </html>
    <? include('bottom.php'); ?>
    I go to another page to simulate general use:

    Page: view.php
    PHP Code:
    <?

    // Start Session

    if ($_SESSION['username']) {

        include("home.php");

    } else {

    ?>


    <? include("top.php"); ?>

    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
    <html xmlns="http://www.w3.org/1999/xhtml">
    <head>
    <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
    <title>Untitled Document</title>
    <style type="text/css">



    <!--
    .style2 {
        font-family: Arial, Helvetica, sans-serif;
        font-weight: bold;
        font-size: 10pt;
    }
    .style3 {
        font-family: Arial, Helvetica, sans-serif;
        font-size: 10pt;
    }
    -->
    </style></head>

    <body>
    <table width="100%" border="0" cellspacing="5" cellpadding="9">
      <tr>
        <td><span class="style2">View Figures </span></td>
      </tr>
      <tr>
        <td><p class="style3"><? echo $msg?></p>
        <p class="style3">&nbsp;</p></td>
      </tr>
    </table>
    </body>
    </html>
    <? include("bottom.php"); ?>
    <? } ?>
    I then hit the logout button which goes as follows:
    Page: logout.php
    PHP Code:
     include("top.php"); ?>

    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
    <html xmlns="http://www.w3.org/1999/xhtml">
    <head>
    <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
    <title>Untitled Document</title>
    <style type="text/css">
    <!--
    .style2 {
        font-family: Arial, Helvetica, sans-serif;
        font-weight: bold;
        font-size: 10pt;
    }
    .style3 {
        font-family: Arial, Helvetica, sans-serif;
        font-size: 10pt;
    }
    -->
    </style></head>

    <body>
    <table width="100%" border="0" cellspacing="5" cellpadding="9">
      <tr>
        <td><span class="style2">Logout</span></td>
      </tr>
      <tr>
        <td><p class="style3">
        
        
        
    <br><center>
        <font face='arial' size='2'>&nbsp;&nbsp;&nbsp;&nbsp;Are you sure you want to logout?<br />
    <span class='content'>&nbsp;&nbsp;&nbsp;&nbsp;<a href=logout2.php>Yes</a> | No<a href=javascript:history.back()>No</a></span>
        
        
        
        </p></td>
      </tr>
    </table>
    </body>
    </html>
    <? include("bottom.php"); ?>

    It then processes the logout request:
    Page: logout2.php
    PHP Code:
    <? include("top.php");

    session_destroy();
        if (!session_is_registered('username')) {
            $msg = "You have succesfully logged out, <a href='index.php'>Click Here</a>";
        }
    include("bottom.php"); ?>
    Is there something I'm missing? Are my session_start() commands in the wrong places?

    Thanks in advance,

    Nick

    PS - The include files top.php and bottom.php are simply HTML based, there is no php coding in them.

  2. #2
    Join Date
    Oct 2002
    Location
    State of Disbelief
    Posts
    22,951
    I could be wrong, but "logout.php" doesn't carry the session in it, and it's missing the opening <?

    include("top.php"); ?>

  3. #3
    Join Date
    Aug 2003
    Location
    Walsall - UK
    Posts
    177
    Ah yes.. sorry the <? is in there .. I just pasted incorrectly

    I just tried that .. and the following came up on the logout.php page:

    Warning: session_start(): Cannot send session cache limiter - headers already sent (output started at \\nas34ent\domains\i\inspyral.com\user\htdocs\osrt\top.php:10) in \\nas34ent\domains\i\inspyral.com\user\htdocs\osrt\logout.php on line 2
    Followed by the continuing

    Warning: session_destroy(): Trying to destroy uninitialized session in \\nas34ent\domains\i\inspyral.com\user\htdocs\osrt\logout2.php on line 3
    on the logout2.php page.


  4. #4
    Join Date
    Oct 2002
    Location
    State of Disbelief
    Posts
    22,951
    "top.php:10" The HTML headers are already being sent by this included file on line 10. You need to start the session once, and then continue it through the "site". You start it on "login.php" and then start it again on "loggedin.php".

    I'm no expert, so you might want to wait for someone to tell you how to fix this....

  5. #5
    Join Date
    Dec 2006
    Location
    Charlotte NC
    Posts
    155
    A couple of things to keep in mind. The session should always be started ( session_start() ) before it is destroyed ( session_destroy() ). It is also best practice to handle session management before any html is output from the script. Additionally, the following code is the best way I have found to reliably clear session information.

    PHP Code:
    <?
    session_start();
    session_unset();
    session_destroy();
    $_SESSION = array();
    ?>
    Caro.net :: Engineered Hosting
    Engineered Hosting solutions including Cloud, Dedicated, Colocation, and Managed Services.

  6. #6
    Join Date
    Sep 2002
    Location
    Top Secret
    Posts
    11,686
    Warning: session_destroy(): Trying to destroy uninitialized session in \\nas34ent\domains\i\inspyral.com\user\htdocs\osrt\logout2.php on line 3
    You're getting this because you're not setting the session up before destroying it.

    The proper way to address sessions:
    In top.php, before anything else is even called:
    PHP Code:
    <?
    if( !isset( $_SESSION ) ) { session_start(); }   
    ?>
    That's it

    Now, when you destroy the session, make SURE you do everything necessary, including trashing the cookies. The way that I handle this is quite simple:

    PHP Code:
    if (isset($_COOKIE[session_name()])) {
        setcookie(session_name(), '', time()-42000, '/');
    }
    session_destroy();
    print "You have been logged out. Redirecting you now to the user admin page<br>";
    echo("<meta http-equiv='refresh' content='1;url=/redirecturl.php'>");
    This way, your user doesn't have to click on anything, the cookie is removed, the session is destroyed, all is well and good.

    It is also best practice to handle session management before any html is output from the script.
    I'm not sure if best practice is the word for it, more like required. Once you send the header data, no session data can be sent AFAIK. You will receive an error stating such, if you try.
    WHMCS Guru - WHMCS addons, management, support and more.
    WHMCS Notifications Extended - Add slack, hipchat, SMS, pushover to WHMCS !!
    Always looking for Linux, WHMCS, Support Desk work. PM for details
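
The advice in the last two answers combined into one logout2.php, as an added example that is not code from any poster in this thread. It assumes the page names and the "auth" cookie parameters shown in the first post, and that top.php and bottom.php only emit HTML.

```php
<?php
// logout2.php (added example, not from the thread).
// No include and no output may come before this block: session_start(),
// setcookie() and header() can only work while no output has been sent.
if (headers_sent($file, $line)) {
    // Same condition PHP reported as "output started at ...top.php:10".
    die("Cannot log out: output already started at $file:$line");
}

session_start();        // attach to the visitor's session before touching it

$_SESSION = array();    // drop the session variables for this request

// Expire the session-id cookie with the parameters it was created with;
// the browser only replaces a cookie whose path and domain match.
if (ini_get('session.use_cookies')) {
    $p = session_get_cookie_params();
    setcookie(session_name(), '', time() - 42000,
              $p['path'], $p['domain'], $p['secure'], $p['httponly']);
}

// login.php also set an "auth" cookie for /osrt on inspyral.com, so it is
// expired here with that same path and domain.
setcookie('auth', '', time() - 42000, '/osrt', 'inspyral.com');

session_destroy();      // remove the session data stored on the server

$msg = "You have successfully logged out, <a href='index.php'>Click Here</a>";

// Output starts only after all session and cookie work is finished.
include('top.php');
echo $msg;
include('bottom.php');
```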
