php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #22840 session file won't be deleted when session_destroy used
Submitted: 2003-03-24 02:27 UTC Modified: 2003-03-24 04:57 UTC
From: chair123 at 163 dot net Assigned:
Status: Not a bug Package: Session related
PHP Version: 4.3.1 OS: win2000pro
Private report: No CVE-ID: None
View Developer Edit
 [2003-03-24 02:27 UTC] chair123 at 163 dot net 
session.php
<?php
  $Access = "999999"; 
  $UserID = "Chair";
  session_start();
  session_register("Access");
  session_register("UserID");
  header (Location: chksession.php);

?>

chksession.php

<?php
  session_start();
  session_register("Access");
  session_register("UserID");
  echo $Access;
  echo $UserID;
  session_unset;
  session_destroy;
 
?>

 when I type http://127.0.0.1/session.php in IE frist, It's nothing in the screen. NO session file in directory c:\php\sessiondata.
I typed in second time, it 's "99999Chair" in the screen(the same IE). and sess_7e2ebd21da6d67c7e9f3860ae7c60a6 file in there. and whatever you chang your php file , the session file never been removed! and I put the php file in redhat 8.0, all is right. please give me a hand.

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2003-03-24 04:55 UTC] chair123 at 163 dot net 
got the problem...

 If I use
echo "<script> window.location.href='chksession.php' </script>"; instead of header(??location: chksession.php"),
that's all right.

  It must be a bug in win2000pro
 [2003-03-24 04:57 UTC] sniper@php.net 
Sorry, but your problem does not imply a bug in PHP itself.  For a
list of more appropriate places to ask for help using PHP, please
visit http://www.php.net/support.php as this bug system is not the
appropriate forum for asking support questions. 

Thank you for your interest in PHP.

header("Location: somefile.php"); is invalid anyway..
 [2003-03-24 11:48 UTC] notepad at codewalkers dot com 
i can't get sessions to destroy at all in PHP v4.3.1. - it seems to set the variable $_SESSION['valid_user'] even when the login form is left blank. so i made it harder to login, and now the login function won't return true even if it's a valid attempt.. craziness

testdb.txt example:
myuserid|mypass

sessiontest.php example:
<?php
session_start();

if(isset($_POST['userid']) && isset($_POST['password']))
{
    // if user has just tried to login
    $userid = $_POST['userid'];
    $password = $_POST['password'];
}

// retrieve info from database, register id if they're in the database
$data = file('testdb.txt');
function login($id, $pass, $db)
{
    foreach($db as $key=>$value)
    {
        $divide = explode('|', $value);
        if(($divide[0] == "$id") && ($divide[1] == "$pass"))
        {
            //echo 'yes: '.$id.':'.$pass.'<br>';
            return true;
        }
        else
        {
            //echo 'no: '.$id.':'.$pass.'<br>';
            return false;
        }
    }
}

if(@login($userid, $password, $data))
{
    @$_SESSION['valid_user'] = $userid;

    $olduser = $_SESSION['valid_user'];
    $oldid = session_id();
    //setcookie(session_name());
    $_COOKIE = array();
    $_SESSION = array();
    $_REQUEST = array();
    session_destroy();
    echo '<html><body>';
    echo 'you are logged in as '.$olduser.' : '.$oldid.'<br>';
    echo '<br><a href="'.$_SERVER['PHP_SELF'].'">logout</a>';
}
else
{
    if(isset($userid))
    echo 'could not log you in';
    else
    echo 'you are not logged in';
?>
<html><body>
<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
<table><tr><td>
userid:
</td><td>
<input type="text" name="userid">
</td></tr><tr><td>
password:
</td><td>
<input type="password" name="password">
</td></tr><tr><td colspan="2" align="center">
<input type="submit" value="login">
</td></tr></table></form>

<?php
}

?>
</body></html>
 
PHP Copyright © 2001-2025 The PHP Group
All rights reserved. 		Last updated: Sat Dec 06 10:00:01 2025 UTC