unset $_SESSION not working
It's not recommended to unset session variables this way. Use session_unset()
, see http://php.net/manual/en/function.session-unset.php
Over that, you don't want that the session still exists on the users computer, for this use session_destroy()
.
session_unset()
just clears out the session for usage.
Jules Martinez
Updated on June 13, 2022Comments
-
Jules Martinez almost 2 years
Hi i made a code that connects with facebook and register the user, then it makes the user login , everything works very nice.. When they login i set
$_SESSION['id']
My guess was, if this was unset the user will be logout from my site, and it wont be "autoreconnected"..
Because previously it was like a loop, everytime i logout, it login again using the facebook connect even if the user havent clic again "login with facebook"...
EDIT: I change a condition and know is not "looping" i CAN logout of the site..
But the Session , is not unset!, why, just the cookies are set to '' but ,=( session is not unset
Here is my code
the head
<?php // // uses the PHP SDK. Download from https://github.com/facebook/php-sdk include("facebook-php-sdk-master/src/facebook.php"); // // from the facebook app page define('YOUR_APP_ID', ''); define('YOUR_APP_SECRET', ''); // // new facebook object to interact with facebook $facebook = new Facebook(array( 'appId' => YOUR_APP_ID, 'secret' => YOUR_APP_SECRET, )); // // if user is logged in on facebook and already gave permissions // to your app, get his data: $userId = $facebook->getUser(); ?>
The body
<?php echo $_SESSION['id']; if ($userId) { // // already logged? show some data $userInfo = $facebook->api('/' + $userId); if (isset($userInfo['email']) || isset($_SESSION['id'])) { include "facebookregister.php"; } else { echo "no hay permisos de facebook"; } } else { // // use javaascript api to open dialogue and perform // the facebook connect process by inserting the fb:login-button ?> <div id="fb-root"></div> <fb:login-button scope='email,user_birthday'></fb:login-button> <?php } ?> <script> window.fbAsyncInit = function() { FB.init({ appId : <?=YOUR_APP_ID?>, status : true, cookie : true, xfbml : true, oauth : true, }); FB.Event.subscribe('auth.login', function(response) { // ------------------------------------------------------ // This is the callback if everything is ok window.location.reload(); }); }; (function(d){ var js, id = 'facebook-jssdk'; if (d.getElementById(id)) {return;} js = d.createElement('script'); js.id = id; js.async = true; js.src = "//connect.facebook.net/en_US/all.js"; d.getElementsByTagName('head')[0].appendChild(js); }(document)); </script>
facebookregister.php
<?PHP echo "<p>YOU ARE: <strong>". $userInfo['name'] ."</strong><br/>"; echo "Your birth date is: ".$userInfo['birthday']."</p>"; echo "Your mail is: ".$userInfo['email']."</p>"; echo "Your mail is: ".$userInfo['username']."</p>"; //$name = $userInfo['name']; $first_name = $userInfo['first_name']; $last_name = $userInfo['last_name']; $birthday = $userInfo['birthday']; $username_fb = $userInfo['username']; $email = $userInfo['email']; $gender = $userInfo['gender']; $status = 1; function generateRandomString($length = 10) { $characters = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ!'; $randomString = ''; for ($i = 0; $i < $length; $i++) { $randomString .= $characters[rand(0, strlen($characters) - 1)]; } return $randomString; } $db= DAL::get_instance(); //select all rows from our users table where the emails match $count=$db->read_single_column("select count(id) from ".TABLE_PREFIX."users where email=? and status=1", array($email)); echo "Aqui".$count; //if the number of matchs is 1 if($count == 1){ //the email address supplied is taken so just login user $res=$db->execute_query("select * from ".TABLE_PREFIX."users where email=?",array($email)); $v=$res->fetch_assoc(); $username=$v['username']; $password=$v['password']; $this->set_variable('username',$username); $this->set_variable('password',$password); $query="select id from ".TABLE_PREFIX."users where username=? and password=?"; $res=$db->execute_query($query,array($username,$password)); $value2=$res->fetch_assoc(); $id=$value2['id']; $orig_password=$db->read_single_column("select password from ".TABLE_PREFIX."users where username=? and status=1", array($username)); if($password == $orig_password) { $t=time(); $sql="update ".TABLE_PREFIX."users set last_login_time=? where id=?"; $res=$db->execute_query($sql,array($t,$id)); $srv_nms=BASE; $srv_nms=str_replace("http://","",$srv_nms); $srv_nms=str_replace("https://","",$srv_nms); $srv_nms=str_replace("www.","",$srv_nms); $srv_pats=$srv_nms; $srv_nms_arr=explode("/",$srv_nms); $srv_nms=$srv_nms_arr[0]; $srv_pats=str_replace($srv_nms."/","",$srv_pats); setcookie(COOKIE_LOGINID,$id,0,"/".$srv_pats,$srv_nms); setcookie(COOKIE_USERNAME,$username,0,"/".$srv_pats,$srv_nms); setcookie(COOKIE_PASSWORD,$orig_password,0,"/".$srv_pats,$srv_nms); $_SESSION['user'] = $email; $_SESSION['id'] = $id; if(LoginHelper::validate_user_login()==0) { header("Location:index.php"); exit; } } }else{ //finally, otherwise register there account //time of register (unix) $registerTime = date('U'); //make a code for our activation key $code = md5($username).$registerTime; $password = $randomString; $password = md5($password); //insert the row into the database $res=$db->execute_query("INSERT INTO ".TABLE_PREFIX."users (`username`, `password`, `email`, `reg_time`, `status`, `fname`, `lname`) VALUES('".$username_fb."','".$password."','".$email."','".$registerTime."','".$status."','".$first_name."' ,'".$last_name."' )"); $row=$db->execute_query("SELECT username, password FROM ".TABLE_PREFIX."users WHERE email=".$email.""); $row_data=$row->fetch_assoc(); $username=$row_data['username']; $password=$row_data['password']; $this->set_variable('username',$username); $this->set_variable('password',$password); $query="select id from ".TABLE_PREFIX."users where username=? and password=?"; $res=$db->execute_query($query,array($username,$password)); $value2=$res->fetch_assoc(); $id=$value2['id']; $orig_password=$db->read_single_column("select password from ".TABLE_PREFIX."users where username=? and status=1", array($username)); if(md5($password)== $orig_password) { $t=time(); $sql="update ".TABLE_PREFIX."users set last_login_time=? where id=?"; $res=$db->execute_query($sql,array($t,$id)); $srv_nms=BASE; $srv_nms=str_replace("http://","",$srv_nms); $srv_nms=str_replace("https://","",$srv_nms); $srv_nms=str_replace("www.","",$srv_nms); $srv_pats=$srv_nms; $srv_nms_arr=explode("/",$srv_nms); $srv_nms=$srv_nms_arr[0]; $srv_pats=str_replace($srv_nms."/","",$srv_pats); setcookie(COOKIE_LOGINID,$id,0,"/".$srv_pats,$srv_nms); setcookie(COOKIE_USERNAME,$username,0,"/".$srv_pats,$srv_nms); setcookie(COOKIE_PASSWORD,$orig_password,0,"/".$srv_pats,$srv_nms); $_SESSION['user'] = $email; $_SESSION['id'] = $id; //header("Location:".$this->make_url('user/home')); //exit; } //send the email with an email containing the activation link to the supplied email address mail($email, $username.' registration confirmation', "Thank you for registering to us ".$username.",\n\nHere is your activation link. If the link doesn't work copy and paste it into your browser address bar.\n\nhttp://www.yourwebsitehere.co.uk/activate.php?code=".$code, 'From: [email protected]'); //display the success message echo "<center>You have successfully registered, please visit you inbox to activate your account!</center>"; header("Location: index.php"); exit; } ?>
THE MOST IMPORTANT. LOGOUT ACTION
function logout_action() { $srv_nms=BASE; $srv_nms=str_replace("http://","",$srv_nms); $srv_nms=str_replace("https://","",$srv_nms); $srv_nms=str_replace("www.","",$srv_nms); $srv_pats=$srv_nms; $srv_nms_arr=explode("/",$srv_nms); $srv_nms=$srv_nms_arr[0]; $srv_pats=str_replace($srv_nms."/","",$srv_pats); setcookie(COOKIE_LOGINID,"",0,"/".$srv_pats,$srv_nms); setcookie(COOKIE_USERNAME,"",0,"/".$srv_pats,$srv_nms); setcookie(COOKIE_PASSWORD,"",0,"/".$srv_pats,$srv_nms); unset($_SESSION['user']); unset($_SESSION['id']); unset($_SESSION['fb_540341239342331_code']); unset($_SESSION['fb_540341239342331_access_token']); unset($_SESSION['fb_540341239342331_user_id']); header("Location: ".$this->make_url("user/login/l")); die; }
Session unset & destroy, tested but not working.. why?? Code
function logout_action() { $srv_nms=BASE; $srv_nms=str_replace("http://","",$srv_nms); $srv_nms=str_replace("https://","",$srv_nms); $srv_nms=str_replace("www.","",$srv_nms); $srv_pats=$srv_nms; $srv_nms_arr=explode("/",$srv_nms); $srv_nms=$srv_nms_arr[0]; $srv_pats=str_replace($srv_nms."/","",$srv_pats); setcookie(COOKIE_LOGINID,"",0,"/".$srv_pats,$srv_nms); setcookie(COOKIE_USERNAME,"",0,"/".$srv_pats,$srv_nms); setcookie(COOKIE_PASSWORD,"",0,"/".$srv_pats,$srv_nms); session_unset(); header("Location: ".$this->make_url("user/login/l")); die; }