Session does not logoff in php


0

I am creating a small site. When I click to exit, the site logs me out, but if I enter the link to one of the pages, I can get into the system and it does not check whether the login was done, even with security fields.

Login.php:

<div class="login">
  <div class="row">
    <div class="col-sm-5 texto-capa">
    <form method="POST" action="validalogin.php">
      <img class="mb-4" src="imagens/icon/android-icon-72x72.png" alt="" width="72" height="72">
      <h3>Área de Login</h3>
      <div class="form-group">
          <label>E-mail</label>
          <input type="text" class="form-control" id="login" name="login" placeholder="Digite seu e-mail..." />
        </div>
        <div class="form-group">
          <label>Senha</label>
          <input type="password" class="form-control" id="senha" name="senha" placeholder="Digite sua senha..."/>
        </div>
        <div class="checkbox mb-3">
         <label>
           <input type="checkbox" value="remember-me"> Relembre-me
         </label>
        </div>
        <button type="submit" class="btn btn-entrar"><b>ENTRAR</b></button><br>
        <p class="mt-5 mb-3 text-muted">&copy; 2018</p>
    </form>
    <p class="text-center text-danger">
      <?php
        if(isset($_SESSION['security'])){
          echo $_SESSION['security'];
          unset($_SESSION['security']);
        } 
      ?>
    </p>
    </div>
  </div>
</div>

Security.php

<?php
ob_start();
if($_SESSION['login'] == null || $_SESSION['id'] == null){
  $_SESSION['security'] = "Efetue o Login!";
  header("Location: login.php");
}
?>

Close.php

<?php
unset($_SESSION['login'], $_SESSION['id'], $_SESSION['usuario']);
session_destroy();
header("Location: login.php");
?>
  • Try changing the == null to == "" (empty string)

  • I tried, but it didn’t work :/

  • Try isset($_SESSION["nome"]); if that doesn’t work, echo the session variable and add the output to the question

  • Unfortunately even the echo didn’t work

  • Check that the session has been started on all pages (session_start()); try changing ob_start to session_start. If I’m not mistaken, to use ob you also need to use ob_end_flush()

  • On all of them. Can you post an example that works and does not save the security of the site?

  • As far as I know, to be able to manipulate the session variable it is necessary to call the function session_start() before any other PHP code (<?php session_start(); ...). About the safety of this, I can’t say


2 answers

1

Considering that you may not have posted all the code here, I assume what is missing is the exit after header in security.php:

header("Location: login.php");
exit;

Regardless of whether this solves your problem or not, it is good PHP programming practice to put exit after the use of header('Location:...').

Also make sure you are using session_start() somewhere in your code before using the unset().

  • All the PHP files start with session_start(), but none of the changes worked; I included exit on all pages that send a header at the end.

  • Then try replacing $_SESSION[xx]=null with isset($_SESSION[..]).

  • I was able to resolve, as answer below, thank you!

0


So as not to edit the question and leave it disconnected, I am posting here that I was able to solve the problem as follows:

All my PHP pages where the user will have an active session contain a check at the start:

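// Assumes session_start() has already been called at the top of the page
if (!isset($_SESSION['id']))
{
  echo '<script language="javascript">';
  echo 'alert("Efetue seu Login!");';
  echo 'window.location.href="login.php";';
  echo '</script>';
  exit; // stop here so the rest of the protected page is not sent to the client
}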

However, on my close.php page I changed the code entirely to erase all the $_SESSION data:

<?php
session_start();

// Clear all session variables
$_SESSION = array();

// If the session must be killed, the session cookies must be deleted as well.
// Note: this will destroy the session, not just the data!
if (ini_get("session.use_cookies")) {
    $params = session_get_cookie_params();
    setcookie(session_name(), '', time() - 42000,
        $params["path"], $params["domain"],
        $params["secure"], $params["httponly"]
    );
}

// Finally, destroy the session
session_destroy();

// Redirect whether or not session cookies are in use, then stop the script
header("Location: login.php");
exit;
?>

This way it worked perfectly.
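
The points raised across both answers (session_start() before touching $_SESSION, exit after the Location header, and clearing the cookie on logout) combined into one server-side include. This is an added example, not code from the original posts; start_session_once(), require_login() and logout() are hypothetical helper names, and the session keys are the ones used in the question.

```php
<?php
// security.php (added example): include at the very top of every protected page.
// start_session_once(), require_login() and logout() are hypothetical helpers;
// the keys 'login', 'id' and 'security' are the ones used in the question.

function start_session_once(): void
{
    // $_SESSION is only populated after session_start(); ob_start() does not do this.
    if (session_status() === PHP_SESSION_NONE) {
        session_start();
    }
}

function require_login(): void
{
    start_session_once();
    // isset() is false for missing keys and for null, and raises no notices.
    if (!isset($_SESSION['login'], $_SESSION['id'])) {
        $_SESSION['security'] = "Efetue o Login!";
        header("Location: login.php");
        // header() only queues a response header; without exit the rest of the
        // protected page would still run and be sent to the client.
        exit;
    }
}

function logout(): void
{
    start_session_once();      // the session must be open before it can be destroyed
    $_SESSION = [];            // drop the data for the remainder of this request
    if (ini_get("session.use_cookies")) {
        $p = session_get_cookie_params();
        // Expire the session cookie in the browser as well.
        setcookie(session_name(), '', time() - 42000,
            $p["path"], $p["domain"], $p["secure"], $p["httponly"]);
    }
    session_destroy();         // remove the server-side session data
    header("Location: login.php");
    exit;
}
```

A protected page would require this file and call require_login() before producing any output; close.php would require it and call logout().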
