Logout codeigniter

Question

I have a logout controller in codeigniter :

<?php

class Logout extends MY_Controller {

    function index()
    {

        $this->session->sess_destroy();
        redirect('index.php');
    }
}

This logs me out but when i call another controller after logging, like "/site/addnewpost", this just logs me in again, as if the sassion had not been destroyed previously. Why is this happening?

remove the redirect. make another script that contains only `var_dump($_SESSION)` and call that script after logging out to check if the session really is destroyed — Ayush, Dec 23 '11 at 13:59
@xbonez - Correct me if I'm wrong here, but I thought CodeIgniter does not use the native PHP session. — Tyil, Dec 23 '11 at 15:19
@Tyil you're right, $_SESSION won't surely be set here as CI doens't use it. I hope OP is not mixing them both too! — Damien Pirsy, Dec 23 '11 at 15:37
ah, my bad. I use Codeigniter, but always use `$_SESSION` manually. Wasn't aware CI maintains its own session variables — Ayush, Dec 23 '11 at 17:54

score 12 · Accepted Answer · answered Dec 23 '11 at 15:34

Follow ALex's suggestion, but using CI code:). What I mean, try unsetting each session data individually. I read once about an issue in version 2.0.3 I think, but I don't remember now and I don't have time to search for the reference. It's in their forum, though, and the suggestion was the same: unset each session element one by one.

$this->session->unset_userdata('data_one');
$this->session->unset_userdata('data_two');
$this->session->unset_userdata('data_three');
$this->session->unset_userdata('data_one');
$this->session->sess_destroy();
redirect('home','refresh');  // <!-- note that
//you should specify the controller(/method) name here

You need to redirect because CI's session are just cookies, not the native php session array.

Another thing...make sure the fault isn't in your login methods, which logs you in no matter if you succesfully logout or not!

score 2 · Answer 2 · answered Dec 23 '11 at 15:07

2

Try explicitly delete items like this:

$this->Session->delete('User');
$this->Session->destroy();
$this->Cookie->delete("User");
$this->Cookie->destroy();
$this->Auth->logout();
$this->redirect('whereever');

answered Dec 23 '11 at 15:07

Alex

11,479
6
28
50

score 1 · Answer 3 · answered Feb 23 '15 at 23:25

You can also try manually setting your "logged_in" or whatever you called the session to false. Then, destroying all other session data.

    $this->session->set_userdata('logged_in', FALSE);
    $this->session->session_destroy();
    redirect('index');

score 1 · Answer 4 · answered Jan 23 '12 at 10:52

My problem had to do with caching on the server side. The quickest I could fix it was by appending random text to the logout link:

<?php
    $this->load->helper('string');
    echo anchor('/home/logout/'.random_string(), 'logout');
?>

home/logout contained the same code as function index in the question.

Just so you know the redirect('/', 'refresh') did not work for me, but I again I did a quick test.

I am guessing that the random_string() method can be replaced by outputting headers that force cache to be cleared etc. As you have probably guessed, I can't do that right now as I am super busy. Maybe later.

Faisal Ibrahim · Answer 5 · 2017-06-29T09:24:51.273

0

first we have to load session library to deal with session than unset the sessionID and destroy the session. I am using this code to unset my session and secure logout.

$this->load->library('session');
$this->session->set_userdata('user_id', FALSE);
$this->session->sess_destroy();
$this->load->view('your URL');

edited Jun 29 '17 at 09:24

answered Jun 28 '17 at 15:43

Faisal Ibrahim

1
2

Please don't post code-only answers. Include some explanation of what you have changed, why it works, etc. – random_user_name Jun 29 '17 at 02:32

Logout codeigniter

5 Answers5

Linked