Welcome Guest, Not a member yet? Register   Sign In
Session Class -> sess_destroy not removing session
#1

[eluser]Aeisor[/eluser]
I'll preface by saying I'm relatively new to CodeIgniter, so I could just be doing something wrong.

I'm calling $this->session->sess_destroy(); before any output; However, throughout the same page load I can still call $this->session->userdata('id'); and get the 'correct' information back. If I use $this->session->unset_userdata('id'); instead of sess_destroy(); everything works as I would expect and I get no data returned.

This is for a user logout and should therefore unset all userdata before continuing with the output. Is this not possible with CI sessions? To be honest, I'm not entirely convinced I should be using them over standard $_SESSION

Thanks in advance for any help / advice.

[Edit] This is Chrome 22 on Ubuntu 12.04
#2

[eluser]jojo777[/eluser]
Use [ code ][ /code ] tags to insert your code.

I usually use like this:

Code:
$this->session->sess_destroy();
redirect('any_function');

Hope it helps!

Also you can control user do not go back after logout.
#3

[eluser]Aeisor[/eluser]
So a redirect is required? I've tested and it certainly works around the problem. Hmm. Thanks for the pointer - it wasn't expected behaviour.
#4

[eluser]jojo777[/eluser]
[quote author="Aeisor" date="1351195666"]So a redirect is required? I've tested and it certainly works around the problem. Hmm. Thanks for the pointer - it wasn't expected behaviour. [/quote]

Al least all my time programming with CI I've used always redirect after $this->session->destroy()

Glad it helps dude!
#5

[eluser]alexwenzel[/eluser]
A redirect is required because the session (native php) only is destroyed by the next request.
#6

[eluser]Bart v B[/eluser]
Add this in your constructor:
Code:
<?php
$this->output->set_header("Cache-Control: no-store, no-cache, must-revalidate");
?>
#7

[eluser]aplund[/eluser]
Hi all,

I also have problem with the sess_destroy. I have two controllers:

web_public
web_private

in the web_private controller I have the following function ran every time the controller is accessed.

Code:
public function is_logged_in()
        {
            //get state from stored cookie
            $is_logged_in = $this->session->userdata('is_logged_in');

            //if its not set and if not true, redirect to public pages
            if(!isset($is_logged_in) || $is_logged_in !== TRUE)
            {
                redirect('web_public/index');
                die();
            }
            
        }

My log in function (in the public controller)
Code:
public function do_login()
        {
            $data = array(
                   'username'       => 'aplund',
                   'is_logged_in'   => TRUE
               );

            $this->session->set_userdata($data);

            //redirect user to private controller
            redirect('web_private', 'refresh');
        }

My log out function (in the private controller)

Code:
public function do_logout()
        {
            //destroy session
            
            $this->session->unset_userdata('username');
            $this->session->unset_userdata('email');
            $this->session->unset_userdata('is_logged_in');
            
            $this->session->sess_destroy();
            
            //redirect user to public controller
            redirect('web_public/index');

        }

in the footer "session information" is:

Code:
<p>Username: &lt;?php echo $this->session->userdata('username'); ?&gt;</p>
  <p>is_logged_in: &lt;?php echo $this->session->userdata('is_logged_in'); ?&gt;</p>

Before I have logged in for the first time I can't reach the controller (as excpected) but as soon as I have logged in and out once I can reach the private controller. (Sometimes it redirect to the public controller as expected but its enough to refresh the page a couple of times and I can reach the private controller) It fells like my session is not destroyed properly?

you can try the site here to see the sites live.

Any ideas?
#8

[eluser]aplund[/eluser]
[quote author="Bart v B" date="1351710611"]Add this in your constructor:
Code:
&lt;?php
$this->output->set_header("Cache-Control: no-store, no-cache, must-revalidate");
?&gt;
[/quote]

What is it for? To prevent the site to use cached webpages?
#9

[eluser]Bart v B[/eluser]
[quote author="aplund" date="1370874962"][quote author="Bart v B" date="1351710611"]Add this in your constructor:
Code:
&lt;?php
$this->output->set_header("Cache-Control: no-store, no-cache, must-revalidate");
?&gt;
[/quote]

What is it for? To prevent the site to use cached webpages?[/quote]

Yup. Exactly Smile
#10

[eluser]Bart v B[/eluser]
Code:
if(!isset($is_logged_in) || $is_logged_in !== TRUE)
            {
                redirect('web_public/index');
                die();
            }
Why in the world are you letting your script go dead?
die() stops everything. An exit() should be better here.




Theme © iAndrew 2016 - Forum software by © MyBB