HELP!!! session variables survives after logout!!!

Posted by Alejandra on Stack Overflow See other posts from Stack Overflow or by Alejandra
Published on 2010-05-19T14:59:07Z Indexed on 2010/05/19 15:00 UTC
Read the original article Hit count: 150

Filed under:

php

|

sessions

Hi guys!

I have a problem, will explain how to reproduce the problem:

1- login into my page (sesion variables set as $_SESSION['logged'] = true and $_SESSION['id'] = 123

2-then inside the main menu I click logout option, code like this

function logout()
{
    session_start();
    $_SESSION['id'] = null;
    $_SESSION['logged'] = null;

    unset($_SESSION);

    session_destroy();

    require_once('Views/SessionExpiredView.php');   
}

3- In the session expired view I display a link the login page, there session is null

4- I click back on the browser and click ok to resend information

5- session becomes again $_SESSION['logged'] = true and $_SESSION['id'] = 123 and I'm loggued again and able to see all the information related to the id 123

This is a security issue and I don't know what is happening!!!

any suggestion will be deeply appreciated.

Alejandra

© Stack Overflow or respective owner

Related posts about php

Magento, NGINX, PHP-FPM, APC, MEMCACHED, 16gb Ram CentOS, Spiking PHP-FPM to 100% CPU

as seen on Server Fault - Search for 'Server Fault'
I have been trying to resolve my issue of spiking cpu caused by php-fpm processes. I've reduced the php-fpm config settings to: pm = ondemand pm.max_children = 12 pm.start_servers = 2 pm.min_spare_servers = 2 pm.max_spare_servers = 10 pm.max_requests = 500 php_admin_value[memory_limit] = 128M Problem… >>> More
PHP Pear Installation on CentOS

as seen on Server Fault - Search for 'Server Fault'
[root@ip ~]# yum install php-pear* Reducing CentOS-5 Testing to included packages only Finished Setting up Install Process Package 1:php-pear-1.8.1-2.el5.centos.noarch already installed and latest versio … >>> More
Apache configurations for php "AddType text/html php" or "AddType application/x-httpd-php php .php"

as seen on Server Fault - Search for 'Server Fault'
I am taking over an application server and discover that it contain the following settings: AddType text/html php Although it works, but my understanding is that it should set as following: AddType application/x-httpd-php php .php What are the key differences between the two settings?… >>> More
mod_rewrite settings causes server to throw HTTP 500 errors instead of 404

as seen on Server Fault - Search for 'Server Fault'
Hello. I have a server with VBulletin forum (working under Apache 2.2, CentOS). The default settings for it in .htaccess are as follows: RewriteEngine on RewriteCond %{HTTP_HOST} ^gsmforum\.ru RewriteRule (.*) http://www.gsmforum.ru/$1 [R=301,L] # If you are having problems or are using VirtualDocumentRoot… >>> More
Problems installing Memcache (PECL extension)

as seen on Server Fault - Search for 'Server Fault'
I have installed memcached fine, and now I will need to install PECL extension memcache. Im running RedHat x86_64 es5. The installation gives me this: downloading memcache-2.2.6.tgz ... Starting to download memcache-2.2.6.tgz (35,957 bytes) ..........done: 35,957 bytes 11 source files, building running:… >>> More

Related posts about sessions

SQLAuthority News – Speaking Sessions at TechEd India – 3 Sessions – 1 Panel Discussion

as seen on SQL Authority - Search for 'SQL Authority'
Microsoft Tech-Ed India 2010 is considered as the major Technology event of the year for various IT professionals and developers. This event will feature a comprehensive forum in order to learn, connect, explore, and evolve the current technologies we have today. I would recommend this event to… >>> More
SQLAuthority News Speaking Sessions at TechEd India 3 Sessions 1 Panel Discussion

as seen on Dot net Slackers - Search for 'Dot net Slackers'
Microsoft Tech-Ed India 2010 is considered as the major Technology event of the year for various IT professionals and developers. This event will feature a comprehensive forum in order to learn, connect, explore, and evolve the current technologies we have today. I would recommend this event to you… >>> More
CherryPy sessions for same domain, different port

as seen on Stack Overflow - Search for 'Stack Overflow'
Consider the script below. It will launch two subprocesses, each one a CherryPy app (hit Ctrl+C or whatever the KeyboardInterrupt combo is on your system to end them both). If you run it with CP 3.0 (taking care to change the 3.0/3.1 specific lines in "StartServer"), then visit: http://localhost:15002/… >>> More
Want to go to DevConnections for Free? Speak at DotNetNuke Connections

as seen on ASP.net Weblogs - Search for 'ASP.net Weblogs'
So every year in November (for the past 3 years at least!) DotNetNuke has been part of the DevConnections conference in Las Vegas, Nevada. This year (2010) will be no different as DotNetNuke Connections is back ( This year’s conference is scheduled for 11/1-11/4/2010 ) and guess what? I… >>> More
The Deadline Cometh

as seen on Oracle Blogs - Search for 'Oracle Blogs'
Only Two More Days to Suggest a Session. We've received 2,906 votes for presentations since the launch of the Suggest a Session program. Have you voted? Have you suggested a presentation for Oracle OpenWorld 2010 or Oracle Develop 2010? If "yes," you've done well. If "no," you still have a chance… >>> More