2

I am trying to create a page that logs out the users on my website, but when I try to reinitialize the session, my page keeps saying Warning: session_regenerate_id(): Cannot regenerate session id - session is not active. The code that starts the session:

try {
  if (!isset($_SESSION) or session_id() == "") {
    session_start();
    if (!isset($_COOKIE['auth']) or $_COOKIE['auth'] != 'NO') {
      $_COOKIE['auth'] = 'NO';
    }
  }
} catch (Error $e) {
  echo "Caught Error: $e";
}

The logout page code:

try {
    unset($_SESSION);
    session_regenerate_id(true);
} catch (Error $e) {
    echo "Caught Error: $e";
}

There are not session_destroy()s or anything like that anywhere else on my website (as mentioned here), and I can see that the PHPSESSID cookie is set and after clearing the cookies gets set again after a page refresh.

Revvz
  • 455
  • 1
  • 6
  • 14

1 Answers1

3

Just know that sessions should be started right at the beginning of the code

So do something like this:

<?php

    session_start();
    session_regenerate_id(true);

    if($_SESSION['name_of_the_session'] == false){
        header("Location: please_make_login.php"); //If doesn't exists the session, redirect user to the login page
        exit();
    }
   
    try {
        if (!isset($_COOKIE['auth']) or $_COOKIE['auth'] != 'NO') {
          $_COOKIE['auth'] = 'NO';
        }
      }
    } catch (Exception $e) {
      echo "Caught Error: " . $e->getMessage();
    }

Logout

<?php

    session_start(); //It'll see if exists a session
    session_destroy(); //Then will destroy the session
    header("Location: index.php"); //And redirect to a page named index.php & finish the process
    exit();

If you want to work with sessions, then initialize them first in every PHP script, and after initializing the session, regenerate the id, a quick example:

<?php
 
 session_start();
 session_regenerate_id(true); //I recommend to use true

 $some_variable = $_SESSION['name_of_the_session'];

 //Don't forget to check if the session exists, if the user really started a session!
 
 if($some_variable == false){
   header("Location: please_make_login.php"); //Redirect the user to a page because the user doesn't started a session
   exit();
 }

 echo $some_variable; //Echo the value of the session, it'll only echo if really exists
Anne Rebb
  • 185
  • 1
  • 9
  • Please tell me if you understand, if you still have the problem, I am here to help you – Anne Rebb Oct 04 '20 at 15:11
  • Thanks for your help. I still get the same ```session is not active``` error even when explicitly calling ```session_start()``` on the page. All cookies and variables seem to set correctly in the Session and even was able to echo variables from the Session. – Revvz Oct 04 '20 at 18:06
  • 1 - Check for any white space before opening the ` – Anne Rebb Oct 04 '20 at 23:40
  • Please let me know if you have solved your problem, I am here to help you! – Anne Rebb Oct 04 '20 at 23:43
  • Oh. I misunderstood. What I am trying to achieve is a ```session_destroy()``` while regenerating the session. I'll change my code for that and report back. Thanks. – Revvz Oct 05 '20 at 01:07
  • Very well! Got it now? – Anne Rebb Oct 05 '20 at 13:41
  • 1
    Not yet. It still has the same error, but I am trying to make a page where that user is actually signed in to see if that is the issue. Last hope really. – Revvz Oct 05 '20 at 14:48
  • Do not lose hope. It all seems very confusing, you are probably doing something wrong, I would like to help you! Could you please add more details to your question? You said you want to create a page to disconnect users, well, I created a script that does that. If your code isn't working, maybe it's because you didn't name a session? Is what it seems! – Anne Rebb Oct 05 '20 at 17:54
  • I never knew I had to name a session. After I get the login page fixed, I'll definitely try it out. Thanks! – Revvz Oct 05 '20 at 19:10
  • what would ```$_SESSION['name_of_the_session'];``` be set to? I don't see this being set anywhere in your answer. could I do ```if (session_name()) {//session active}```? – Revvz Oct 05 '20 at 19:40
  • Let us [continue this discussion in chat](https://chat.stackoverflow.com/rooms/222561/discussion-between-anne-rebb-and-notanerd). – Anne Rebb Oct 05 '20 at 19:48
  • Just making sure: If you start a session on one page, It transfers over to the next? – Revvz Oct 06 '20 at 15:41
  • Yes, but for that on this "next" page, `session_start()` must be enabled, only then can you work with sessions – Anne Rebb Oct 06 '20 at 19:44
  • 1
    This is what solved it for me. Thanks for all your help! – Revvz Oct 06 '20 at 20:15