2

I am a beginner in using PHP cookies and I am trying to make a simple login and logout form using cookies. Everything was good, but when I press the logout link I can't log out, and to log out I have to delete the cookies from the browser.

log_in page

<?php
session_start();

if (isset($_COOKIE["Email"])){
    header("location: home.php");    
}
?>


<form method="post" action="log_in.php">   
<font size="6">Sign In</font>

Email Address: </b></font><input type="text" name="Email" id="email"  />  

password:  <input type="password" name="password" id="password"  />    

<input type="checkbox" name="rememberMe" value="1" id="check"/> Remember Me

<input type="submit" name="Login" id="sign" value="sign in" >

<?php 
include 'db.php';
if(isset($_POST['Login'])){
    $user_email = $_POST['Email'];  
    $password = $_POST['password'];

    $check_user = "SELECT * FROM user where user_email  = '$user_email' AND user_pass = '$password'";
    $run = mysql_query($check_user );

    if (mysql_num_rows($run) > 0){
        $_SESSION['Email']= $user_email;   

        $_SESSION['start'] = time(); 
        if(isset($_POST['rememberMe'])){
            $expire=time()+120;
            setcookie("Email", "Email", $expire);
        }
    else{
        $expire=time()+30;
        setcookie("Email", "Email", $expire);
    }
    echo "<script>window.open('home.php','_self')</script>";   
}
else {
    echo "<script>alert('email or password incorrect!')</script>";     
}}
?>

home page

<?php
if (isset($_COOKIE["Email"])){
  echo "Welcome " . $_COOKIE["Email"] . "!<br>";
    echo '<a href="logoutForm.php">logout</a>';
}
else{
    $now = time(); // Checking the time now when home page starts.
    if ($now > $expire) {
        session_destroy();
        header("location: log_in.php");    
}}

logout page

 <?php
 session_start();
 unset($_SESSION['Email']);
 session_destroy();
 header("Location: log_in.php");

 if(isset($_SESSION['Email'])):
     setcookie($_SESSION['Email'],'',time()-7000000,'/');
 endif;
 ?>
Mike Cluck
user3891365
  • You seem to only be unsetting your Email session variable. You're also using `$_SESSION['start']` so that stands at still being set. You can try `unset($_SESSION);` to unset all session variables. – Funk Forty Niner Aug 06 '14 at 17:10
  • Your home page doesn't have `session_start();` least not in what you posted; it's required. – Funk Forty Niner Aug 06 '14 at 17:26

2 Answers

5

Your home page (code) doesn't have `session_start();`, at least not in what you posted; it's required when using `session_destroy();`, which doesn't work on its own.

Give this a go:

Sidenote: $expire is undefined for home page code, so you will need to use the same or similar method as you used for the other pages.

<?php
if (isset($_COOKIE["Email"])){
  echo "Welcome " . $_COOKIE["Email"] . "!<br>";
    echo '<a href="logoutForm.php">logout</a>';
}
else{
    $now = time(); // Checking the time now when home page starts.
    if ($now > $expire) { // $expire is undefined
        session_start(); // <= required
        session_destroy(); // <= does not work on its own
        header("location: log_in.php");    
    }
}
Funk Forty Niner
  • I tried adding session_start(); in the home page but it didn't work, I think the problem in the logout page. – user3891365 Aug 06 '14 at 17:56
  • Instead of `unset($_SESSION['Email']);` in your logout page; have you tried `unset($_SESSION);`? @user3891365 that will unset all sessions. – Funk Forty Niner Aug 06 '14 at 17:58
  • @user3891365 Plus, instead of `setcookie($_SESSION['Email'],'',time()-7000000,'/');` try `setcookie($_COOKIE['Email'],'',time()-7000000,'/');` in your logout page. – Funk Forty Niner Aug 06 '14 at 18:03
  • @user3891365 Another thing I spotted; in your home page `$expire` is undefined which is a contributing factor. Add error reporting to the top of that or all file(s) right after your opening ` – Funk Forty Niner Aug 06 '14 at 18:07
  • `session_start(); setcookie($_COOKIE['Email'],'',time()-7000000,'/'); unset($_SESSION['Email']); session_destroy(); header("Location: log_in.php");` I tried this code in the logout page but it didn't work – user3891365 Aug 06 '14 at 18:10
  • @user3891365 Did you see my comment just above yours? About `$expire` being undefined in home page. Reload the comments and see. This `if ($now > $expire)` renders to `if ($now > nothing)` – Funk Forty Niner Aug 06 '14 at 18:11
  • How did the cookies end up tasting @Fred-ii-? :P – Darren Aug 07 '14 at 00:13
  • 1
    @Darren Looks like they were sweet in the end! – Funk Forty Niner Aug 07 '14 at 00:13
  • @FunkFortyNiner What is the `time()-7000000` for? Why not just `0`? – user3187724 Jun 03 '20 at 15:02
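
A logout that clears both the session and the `Email` cookie, as an added example that is not part of the original posts. It assumes the cookie was set as in the question's log_in.php (name `Email`, no path argument) and that logoutForm.php sits in the same directory; `REMEMBER_COOKIE`, `expire_cookie`, `logout` and `is_logged_in` are hypothetical names.

```php
<?php
// Added example, not code from the question or the answers.
// Assumes log_in.php called setcookie("Email", "Email", $expire) with no path,
// and that this file is served from the same directory as log_in.php.
const REMEMBER_COOKIE = 'Email';   // the cookie *name* used at login

/** Expire a cookie; name, path and domain must match the ones it was set with. */
function expire_cookie(string $name, string $path = '', string $domain = ''): bool
{
    unset($_COOKIE[$name]);        // also drop it for the rest of this request
    return setcookie($name, '', time() - 3600, $path, $domain);
}

function logout(): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();           // session_destroy() needs an active session
    }
    $_SESSION = [];                // clear every session variable

    // Expire the session cookie using the parameters it was created with.
    if (ini_get('session.use_cookies')) {
        $p = session_get_cookie_params();
        setcookie(session_name(), '', time() - 3600, $p['path'], $p['domain'], $p['secure'], $p['httponly']);
    }
    session_destroy();

    // Expire the login cookie by its literal name, not by a value read from
    // $_SESSION or $_COOKIE, and do it unconditionally before redirecting.
    expire_cookie(REMEMBER_COOKIE);
}

/** Check for home.php: rely on server-side session state, since any client can send a cookie named "Email". */
function is_logged_in(): bool
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    return isset($_SESSION['Email']);
}

// Body of logoutForm.php
logout();
header('Location: log_in.php');
exit;
```

The cookie is only removed when the browser sees a `Set-Cookie` header with the same name and path as the original, which is why a path of `/` does not clear a cookie that was set with the default path from a subdirectory.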
0

If you're looking to completely destroy the session, you can just use session_destroy()

<?php
session_start();
session_destroy();
?>

Or if you are just looking to unset the Email, you can use

<?php
session_start();
if(isset($_SESSION['Email']))
  unset($_SESSION['Email']);
?>
Bijan