-3

I am trying to create a login system. At the moment everything seem to be working as expected except I am not able to clear my session ID,

why do session_unset() and session_destroy don't seem to have any effect ?

UPDATE: solved below

INDEX.PHP

  session_start();

  if (array_key_exists('id', $_COOKIE) && $_COOKIE ['id']) {
  $_SESSION['id'] = $_COOKIE['id'];

 print("SESSION ID");
 print("<br>");
 print_r($_SESSION);
 print("<br>");
 print("COOKIE");
 print("<br>");
 print_r($_COOKIE);

  }

// SET SESSION

function setSession($setSessionData) {

    $_SESSION['id'] = $setSessionData[0];

     if ($setSessionData[1] == 'yes') {
       setcookie('id', $setSessionData[0], time() + 60*60*24*365, '/'     );
     }
  };

// CLEAR SESSION

function unSetSession() {

  session_unset();
  setcookie("id", "", time() - 60*60*24*365, '/');
  session_destroy();

}
Doer
  • 53
  • 1
  • 8
  • you have not given the code of login and logout pages. – Javid Karimov Dec 06 '17 at 15:27
  • 2
    Are you sure about setting the session id by hand? PHP deals with the PHPSESSID by itself and writes it into a browser cookie – Matschek Dec 06 '17 at 15:30
  • @CavidKərimov it is all Ajax calls. @Matscheck That is what I learnt in the tutorial but I am a rookie at that.. Problem is the `session_unset()` and `session_destroy` don't seem to have any effect – Doer Dec 06 '17 at 15:41
  • Remember that all setcookie need to happen before even a single byte of output is sent to the web browser. – IncredibleHat Dec 06 '17 at 15:49
  • @Randall the cookie sets and clears fine; it is the session I can't seem to be able to clear; as you can see above, after the logging out step, session still contains data – Doer Dec 06 '17 at 15:56
  • Maybe this sheds more light: https://stackoverflow.com/questions/6472123/why-session-destroy-not-working – IncredibleHat Dec 06 '17 at 16:02
  • Thank you, I tried all of that and nothing clears it; only way to clear it is to delete manually the PHPSESSID cookie and I mean by that from the browser – Doer Dec 06 '17 at 16:19

1 Answers1

0

SOLVED:

Had to initialise the session in my function called via Ajax; so the logout function is like so:

function unSetSession() {

  session_start();
  $_SESSION = array();
  setcookie("id", "", time() - 60*60*24*365, '/');
  session_destroy();

}
Doer
  • 53
  • 1
  • 8