Question

The weirdest thing is happening: when I log out of my app it redirects me to the correct page, so the script runs. However, when I randomly type in a page that I should not have access to, since my sessions and cookies have been destroyed, I have access to it. This only happens on my hosted server; on localhost it works fine. Has anyone run into this before?

The start sessions script

<?php
session_start();
// If the session vars aren't set, try to set them with a cookie
if (!isset($_SESSION['user_id'])) {
    if (isset($_COOKIE['user_id']) && isset($_COOKIE['user_email'])) {
        $_SESSION['user_id'] = $_COOKIE['user_id'];
        $_SESSION['user_email'] = $_COOKIE['user_email'];
        $_SESSION['lawyer_client'] = $_COOKIE['lawyer_client'];
    }
}
?>

The log out script

<?php
// If the user is logged in, delete the session vars to log them out
session_start();
if (isset($_SESSION['user_id'])) {
    // Delete the session vars by clearing the $_SESSION array
    $_SESSION = array();

    // Delete the session cookie by setting its expiration to an hour ago (3600)
    if (isset($_COOKIE[session_name()])) {
        setcookie(session_name(), '', time() - 7600);
    }

    // Destroy the session
    session_unset();
    session_destroy();

    // Delete the user ID and username cookies by setting their expirations to an hour ago (3600)
    setcookie('user_id', '', time() - 7600);
    setcookie('user_email', '', time() - 7600);
    setcookie('lawyer_client', '', time() - 7600);

    // Redirect to the home page
    $home_url = 'http://' . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']) . '/index.php';
    header('Location: ' . $home_url);
}
?>

I am checking to see if the session is set using this script

require_once('startsession.php');
if (!isset($_SESSION['user_id'])) {
    echo '<p class="login">Please <a href="main_login.php">log in</a> to access this page.</p>';
    exit();
}

So after looking at what I just put down, my first guess would be that my logout script is not properly clearing my sessions... but why is it only not doing it on my shared host?

Solution

On some shared hosts you will have to include the sessions directory in order for them to work. Are you sure that the sessions are correctly initialized?
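
An added example (not code from the question or the answer): a logout script that reports whether the session storage directory the answer refers to is usable, and that clears the session cookie and the three cookies `startsession.php` reads with matching parameters. It assumes those cookies were set with path `/`, since the login script is not shown; `session_storage_status()` and `logout()` are hypothetical names.

```php
<?php
// Added example, not the poster's code. Assumes the remember-me cookies were
// set with path '/' (the login script is not shown on the page).

// Describe where PHP stores session files and whether that location is usable.
function session_storage_status(): string
{
    if (ini_get('session.save_handler') !== 'files') {
        return 'non-file save handler: ' . ini_get('session.save_handler');
    }
    // session.save_path may be "N;/path" or "N;MODE;/path"; keep the directory.
    $parts = explode(';', session_save_path());
    $dir = end($parts);
    if ($dir === '') {
        $dir = sys_get_temp_dir(); // an empty setting falls back to the temp dir
    }
    return $dir . (is_dir($dir) && is_writable($dir) ? ' (writable)' : ' (NOT writable)');
}

function logout(): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    $_SESSION = [];

    // Expire the session cookie with the parameters it was issued with;
    // a different path or domain leaves the browser's copy untouched.
    if (ini_get('session.use_cookies')) {
        $p = session_get_cookie_params();
        setcookie(session_name(), '', time() - 42000,
            $p['path'], $p['domain'], $p['secure'], $p['httponly']);
    }
    session_destroy();

    // startsession.php rebuilds the session from these, so they must go too.
    foreach (['user_id', 'user_email', 'lawyer_client'] as $name) {
        setcookie($name, '', time() - 42000, '/'); // '/' is the assumed path
        unset($_COOKIE[$name]);
    }
}

// Cookies travel in headers: if output has already started, nothing is cleared.
if (headers_sent($file, $line)) {
    error_log("logout: output started at $file:$line; cookies cannot be cleared");
}
error_log('logout: session storage ' . session_storage_status());
logout();
header('Location: index.php');
exit;
```

Running this on both the local machine and the shared host and comparing the two log lines shows whether the hosts differ in session storage or in when output starts.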

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow