
The weirdest thing is happening, when I logout of my app it redirects me to the correct page, so the script runs. However when I randomly type in a page that I should not have access to since my sessions and cookies have been destroyed I have access to it, this only happens on my hosted server, on local host it works fine, has anyone run into this before?

The start sessions script

 // If the session vars aren't set, try to set them with a cookie
      if (!isset($_SESSION['user_id'])) {
           if (isset($_COOKIE['user_id']) && isset($_COOKIE['user_email'])) {
                $_SESSION['user_id'] = $_COOKIE['user_id'];
                $_SESSION['user_email'] = $_COOKIE['user_email'];
                $_SESSION['lawyer_client'] = $_COOKIE['lawyer_client'];

The log out script

// If the user is logged in, delete the session vars to log them out
if (isset($_SESSION['user_id'])) {
// Delete the session vars by clearing the $_SESSION array
$_SESSION = array();

// Delete the session cookie by setting its expiration to an hour ago (3600)
if (isset($_COOKIE[session_name()])) {
  setcookie(session_name(), '', time() - 7600);

// Destroy the session

// Delete the user ID and username cookies by setting their expirations to an hour   ago   (3600)
setcookie('user_id', '', time() - 7600);
setcookie('user_email', '', time() - 7600);
setcookie('lawyer_client', '', time() - 7600);

// Redirect to the home page
$home_url = 'http://' . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']) .    '/index.php';
header('Location: ' . $home_url);}

I am checking to see if the session is set using this script

if (!isset($_SESSION['user_id'])) {
echo '<p class="login">Please <a href="main_login.php">log in</a> to access this page.</p>';

So after looking at what I just put down my first guess would be that my logout script is not properly clearing my sessions...but why is it only not doing it on my shared host?

È stato utile?


In some shared hosts you will have to include the sessions directory in order to work. Are you sure that the sessions are correctly initialized?

Autorizzato sotto: CC-BY-SA insieme a attribuzione
Non affiliato a StackOverflow
scroll top