CodeIgniter doesn't unset session

Question

i can't logout in my application with codeigniter

my code looks like this:

public function logout() 
{
   $sess = $this->CI->session->all_userdata();
   $this->CI->session->unset_userdata($sess["session_id"]);
   $this->CI->session->unset_userdata($sess["ip_address"]);
   $this->CI->session->unset_userdata($sess["user_agent"]);
   $this->CI->session->unset_userdata($sess["last_activity"]);
   $this->CI->session->sess_destroy();
   return true;
}

I'm calling this function on my login controller

public function __construct()
{
  parent::__construct();
  $this->load->Helper("password");
  $this->auth->logout();
  var_dump($this->auth->is_loggedin());
}

var_dump is always bool(true). How I can solve the problem?

what library are you using for your authentication in codeigniter ? and also if possible can you post the code for `is_loggedin` function — anurupr, Mar 09 '14 at 09:26
@anurupr i use "aauth" and you can find the function here: https://github.com/emreakay/CodeIgniter-Aauth/blob/master/application/libraries/Aauth.php#L140 — Evolutio, Mar 09 '14 at 09:28
i modified the function "logout" with my function above in my code. isn't that the right code? — Evolutio, Mar 09 '14 at 09:34
it doesn't look wrong. but probably its not getting unset due to various reasons. were you able to run it and check? — anurupr, Mar 09 '14 at 09:35

Pattle · Accepted Answer · 2014-03-09T10:29:20.717

2

I think the problem is that even though you have called sess_destroy the session exist for the rest of the current page build. What happens if you try this?

public function logout() 
{
   //No need to unset individual items just call sess_destroy
   $this->CI->session->sess_destroy();
   return true;
}

and then after you call the logout function do a redirect

public function __construct()
{
  parent::__construct();
  $this->load->Helper("password");
  $this->auth->logout();
  redirect('/test/', 'refresh');
}

edited Mar 09 '14 at 10:29

answered Mar 09 '14 at 10:05

Pattle

5,983
8
33
56

the problem is that i logout the user on /login/logout and the redirect is on /login/ and the sessions is no destroyed. When redirect to /test/ the session is destroyed. – Evolutio Mar 09 '14 at 10:25
on "/login" CodeIgniter creates a new cookie wiht the session details – Evolutio Mar 09 '14 at 10:28
yes but when i visit /login after logout it creates a new session and i'm logged in – Evolutio Mar 09 '14 at 10:31

score 0 · Answer 2 · answered Mar 09 '14 at 10:24

Instead of using the values of your session data, try using the keys themselves. Like this:

public function logout() 
{
   $this->CI->session->unset_userdata("session_id");
   $this->CI->session->unset_userdata("ip_address");
   $this->CI->session->unset_userdata("user_agent");
   $this->CI->session->unset_userdata("last_activity");
   $this->CI->session->sess_destroy();
   return true;
}

CodeIgniter doesn't unset session

2 Answers2