Question

The weirdest thing is happening: when I log out of my app it redirects me to the correct page, so the script runs. However, when I randomly type in a page that I should not have access to, since my sessions and cookies have been destroyed, I have access to it. This only happens on my hosted server; on localhost it works fine. Has anyone run into this before?

The start sessions script

<?php
session_start();
// If the session vars aren't set, try to set them with a cookie
if (!isset($_SESSION['user_id'])) {
    if (isset($_COOKIE['user_id']) && isset($_COOKIE['user_email'])) {
        $_SESSION['user_id'] = $_COOKIE['user_id'];
        $_SESSION['user_email'] = $_COOKIE['user_email'];
        $_SESSION['lawyer_client'] = $_COOKIE['lawyer_client'];
    }
}
?>

The log out script

<?php
// If the user is logged in, delete the session vars to log them out
session_start();
if (isset($_SESSION['user_id'])) {
    // Delete the session vars by clearing the $_SESSION array
    $_SESSION = array();

    // Delete the session cookie by setting its expiration in the past
    if (isset($_COOKIE[session_name()])) {
        setcookie(session_name(), '', time() - 7600);
    }

    // Destroy the session
    session_unset();
    session_destroy();

    // Delete the user ID and username cookies by setting their expirations in the past
    setcookie('user_id', '', time() - 7600);
    setcookie('user_email', '', time() - 7600);
    setcookie('lawyer_client', '', time() - 7600);

    // Redirect to the home page
    $home_url = 'http://' . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']) . '/index.php';
    header('Location: ' . $home_url);
}
?>

I am checking to see if the session is set using this script

require_once('startsession.php');
if (!isset($_SESSION['user_id'])) {
    echo '<p class="login">Please <a href="main_login.php">log in</a> to access this page.</p>';
    exit();
}

So after looking at what I just put down my first guess would be that my logout script is not properly clearing my sessions...but why is it only not doing it on my shared host?

Solution

On some shared hosts you will have to include the sessions directory in order for it to work. Are you sure that the sessions are correctly initialized?
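
An added example, not part of the original answer or the asker's code: one way to set and verify the session directory before `session_start()`, and to expire cookies with the same path and domain they were issued with, since a mismatch leaves the old cookie in the browser. `SESSION_DIR` and the function names are hypothetical, and the sketch assumes the three login cookies were set with the session cookie's path and domain.

```php
<?php
// Added example. SESSION_DIR is a placeholder: use a private directory
// outside the web root that your hosting account can write to.
const SESSION_DIR = '/home/example/php_sessions';

// Call this instead of a bare session_start() on every page.
function start_app_session(): void
{
    if (!is_dir(SESSION_DIR) && !mkdir(SESSION_DIR, 0700, true)) {
        throw new RuntimeException('Cannot create ' . SESSION_DIR);
    }
    if (!is_writable(SESSION_DIR)) {
        throw new RuntimeException(SESSION_DIR . ' is not writable');
    }
    session_save_path(SESSION_DIR);   // must run before session_start()
    if (!session_start()) {
        throw new RuntimeException('session_start() failed');
    }
}

// Expire a cookie using the path/domain/flags it was issued with.
function expire_cookie(string $name, array $p): void
{
    setcookie($name, '', time() - 3600, $p['path'], $p['domain'],
              $p['secure'], $p['httponly']);
}

function log_out(): void
{
    start_app_session();
    $params = session_get_cookie_params();
    $_SESSION = [];
    expire_cookie(session_name(), $params);
    session_destroy();                // removes the server-side session file
    // The question's login cookies (assumed to share the session
    // cookie's path and domain).
    foreach (['user_id', 'user_email', 'lawyer_client'] as $name) {
        expire_cookie($name, $params);
    }
}
```

If `start_app_session()` throws on the hosted server but not on localhost, the session store is the difference between the two environments.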

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow