Distroy Session

[PCHomepage]

Perhaps not precisely a PHP question but I'm not sure where else to post it. It seems that the current session on my local development system (WAMP) is somehow locked. I can add session values and even create new ones but existing ones seem to remain. I tried totally wiping out the session with:

if ( isset( $_COOKIE[session_name()] ) )
setcookie( session_name(), “”, time()-3600, “/” );
$_SESSION = array();
session_destroy();

But get an error that seems to confirm the suspicion although I'm not sure. Can anyone clarify? I have a script that views the session values and shows them unchanged.

Warning: session_destroy() [function.session-destroy]: Trying to destroy uninitialized session

 

[PCHomepage]

It appears to be the cookie values that are "stuck" so I'm looking into it from that perspective now. There are values but even hard-coding one to a new value, the old value remains.

 

[jpadie]

to kill a session

[b][COLOR=#0000FF]if[/color][/b][COLOR=#990000]([/color][b][COLOR=#000000]session_id[/color][/b][COLOR=#990000]()[/color] [COLOR=#990000]==[/color] [COLOR=#FF0000]''[/color][COLOR=#990000])[/color] [b][COLOR=#000000]session_start[/color][/b][COLOR=#990000]();[/color]
[COLOR=#009900]$_SESSION[/color] [COLOR=#990000]=[/color] [b][COLOR=#0000FF]array[/color][/b][COLOR=#990000]();[/color]
[COLOR=#009900]$params[/color] [COLOR=#990000]=[/color] [b][COLOR=#000000]session_get_cookie_params[/color][/b][COLOR=#990000]();[/color]
[b][COLOR=#000000]setcookie[/color][/b][COLOR=#990000]([/color][b][COLOR=#000000]session_name[/color][/b][COLOR=#990000](),[/color] [COLOR=#FF0000]''[/color][COLOR=#990000],[/color] [b][COLOR=#000000]time[/color][/b][COLOR=#990000]()[/color] [COLOR=#990000]-[/color] [COLOR=#993399]100000[/color][COLOR=#990000],[/color][COLOR=#009900]$params[/color][COLOR=#990000][[/color][COLOR=#FF0000]"path"[/color][COLOR=#990000]],[/color] [COLOR=#009900]$params[/color][COLOR=#990000][[/color][COLOR=#FF0000]"domain"[/color][COLOR=#990000]],[/color][COLOR=#009900]$params[/color][COLOR=#990000][[/color][COLOR=#FF0000]"secure"[/color][COLOR=#990000]],[/color][COLOR=#009900]$params[/color][COLOR=#990000][[/color][COLOR=#FF0000]"httponly"[/color][COLOR=#990000]]);[/color]
[b][COLOR=#000000]session_destroy[/color][/b][COLOR=#990000]();[/color]
[b][COLOR=#000000]session_write_close[/color][/b][COLOR=#990000]();[/color]

 

[PCHomepage]

Thank you but it gives the same error as above that it is trying to destroy an uninitialized session. No matter as I'm not sure that it is still the problem that it was as the site seems to be working but it is a curiosity.

There is one cookie that should be CountryID=1 and that is indeed what the session value is but the cookie shows it as CountryID=70 and no amount of manual rewriting seems to change it. I can add and remove a second one, such as CountryID2=1 but the original won't go away or change. I am beginning to think that there might be something somewhere that is resetting it and, if so, I'll locate it eventually!

 

[jpadie]

a bit more conditionality perhaps

if(session_id() == ''):
session_start();
if (count($_SESSION) > 0 ):
$_SESSION = array();
session_destroy();
endif;
$params = session_get_cookie_params();
setcookie(session_name(), '', time() - 100000,$params["path"], $params["domain"],$params["secure"],$params["httponly"]);
session_write_close();
endif;
[/code]

if you get an error/warning/notice on the above then something else is going wrong and you need to post your code.

 

[jpadie]

on re-reading your last post, I am confused.

cookie shows it as CountryID=70 and no amount of manual rewriting seems to change it. I can add and remove a second one, such as CountryID2=1 but the original won't go away or change. I am beginning to think that there might be something somewhere that is resetting it and, if so, I'll locate it eventually!

what do you mean by 'cookie shows it'? the session cookie ONLY contains the id of the session. nothing else at all. nothing.

that is the ONLY value and ONLY cookie that is relevant to sessions.

if there are cookies called countryID then, unless you have curiously named your session 'countryID' then that cookie is wholly irrelevant to sessions. it has been set by some other code.

to change the value of a cookie, simply send a new cookie with the same name. you will need to do this manually as it is highly unlikely that countryID is the name of the session.

 

[PCHomepage]

Thank you for that. I have a simple script for listing cookie and session values. In the cookie section, it shows clearly CountryID=70 while in the session section, it shows the proper CountryID=1.

Your previous code gave no errors but neither did it wipe out any session or cookie values. No worries, though, as a slight adjustment to the programming made it favor the session CountryID value which is working properly. It could be that the incorrect cookie CountryID value is some leftover from an old version of the site although I would have expected it to be gone by now or at least to be changable.

As for posting code, I did that above so I'm not sure what other code might be wanted unless you mean to post the php.ini file. Otherwise the code for the site has many dozens of pages any number of which might be generating the values.

 

[jpadie]

destroying a session will not impact any cookie at all. Ever.

the code that I wrote above (taken from the manual) will impact the SESSION cookie. typically this is called PHPSESSIONID. It will not alter any other cookie. Ever.

so it is not a useful task to consider the value of any cookie in the context of sessions. the ONLY relevant cookie will be PHPSESSIONID and you will know whether that is working by whether you are getting the same session store as you did on the last page refresh.

cookies and sessions are entirely different. cookies live client side, sessions live server side. Sessions are able to maintain state through the use of a single cookie but they don't have to. They can use transid instead.

the user cannot influence the value of a session variable (although it can appear as a new session). a user can always influence the value of a cookie; making it useless for maintaining any information that you later need to trust.