Session does not log off in php

0

I'm creating a small site, but when I press to exit, the site shifts, but if I put the link on one of the pages, I can enter the system and it does not check if it was logged in, even with security fields

Login.php:

<div class="login">
  <div class="row">
    <div class="col-sm-5 texto-capa">
    <form method="POST" action="validalogin.php">
      <img class="mb-4" src="imagens/icon/android-icon-72x72.png" alt="" width="72" height="72">
      <h3>Área de Login</h3>
      <div class="form-group">
          <label>E-mail</label>
          <input type="text" class="form-control" id="login" name="login" placeholder="Digite seu e-mail..." />
        </div>
        <div class="form-group">
          <label>Senha</label>
          <input type="password" class="form-control" id="senha" name="senha" placeholder="Digite sua senha..."/>
        </div>
        <div class="checkbox mb-3">
         <label>
           <input type="checkbox" value="remember-me"> Relembre-me
         </label>
        </div>
        <button type="submit" class="btn btn-entrar"><b>ENTRAR</b></button><br>
        <p class="mt-5 mb-3 text-muted">&copy; 2018</p>
    </form>
    <p class="text-center text-danger">
      <?php
        if(isset($_SESSION['security'])){
          echo $_SESSION['security'];
          unset($_SESSION['security']);
        } 
      ?>
    </p>
    </div>
  </div>
</div>

Security.php

<?php
ob_start();
if($_SESSION['login'] == null || $_SESSION['id'] == null){
  $_SESSION['security'] = "Efetue o Login!";
  header("Location: login.php");
}
?>

Close.php

<?php
unset($_SESSION['login'], $_SESSION['id'], $_SESSION['usuario']);
session_destroy();
header("Location: login.php");
?>
    
asked by anonymous 01.03.2018 / 01:20

2 answers

0

In order not to edit the question and be without connection, I was able to solve the problem in the following way:

In all my php pages, the user will be left with the active session, it contains a check that starts:

if(isset($_SESSION['id']) == null)
{
  echo '<script language="javascript">';
  echo 'alert("Efetue seu Login!");';
  echo 'window.location.href="login.php"';
  echo '</script>';
}

However, in my close page.php I completely changed the code, to erase all data from $ _SESSION:

<?php
session_start();

// Apaga todas as variáveis da sessão
$_SESSION = array();

// Se é preciso matar a sessão, então os cookies de sessão também devem ser 
apagados.
// Nota: Isto destruirá a sessão, e não apenas os dados!
if (ini_get("session.use_cookies")) {
$params = session_get_cookie_params();
setcookie(session_name(), '', time() - 42000,
    $params["path"], $params["domain"],
    $params["secure"], $params["httponly"]
);
header("Location: login.php");
}

// Por último, destrói a sessão
session_destroy();
?>

In this way, it worked perfectly.

    
03.03.2018 / 18:28
1

Considering that you should not have put all the code here, I assume that the missing is the exit after the header in security.php:

header("Location: login.php");
exit;

Regardless of whether this solves your problem or not, it is a good PHP programming practice to put exit after using header('Location:...') .

Also make sure you are using session_start() somewhere in your code before using unset() .

    
01.03.2018 / 14:54