Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

php logout failed, unset($_SESSION['user']) does not work #14140

Closed
Sosycs opened this issue Feb 26, 2019 · 2 comments
Closed

php logout failed, unset($_SESSION['user']) does not work #14140

Sosycs opened this issue Feb 26, 2019 · 2 comments
Labels
answered For when a question was asked and we referred to forum or answered it.

Comments

@Sosycs
Copy link

Sosycs commented Feb 26, 2019

This has been a problem for more than week, and I started to believe it has something with other than the code!

This is my session page:

<?php
  session_start();
  include('dbConfigBDO.php');
  include('SafeRedirect.php');

  if(!isset($_SESSION['login_user'])){
      safe_redirect('login.php');
      die();
  }
  ?>

I set $_SESSION['login_user'] after login and call session.php in every page. I also have a logout page:

<?php
  session_start();
  require 'SafeRedirect.php';
  unset($_SESSION['login_user']);
  session_destroy();
  safe_redirect('login.php');
  ?>

my SafeRedirect.php page, I used it from [here][1]

<?php
    function safe_redirect($url, $exit=true) {
        if (!headers_sent()){
    
            header('HTTP/1.1 301 Moved Permanently');
            header('Location: ' . $url);
    
            header("Connection: close");
        }
    
        print '<html>';
        print '<head><title>Redirecting you...</title>';
        print '<meta http-equiv="Refresh" content="0;url='.$url.'" />';
        print '</head>';
        print '<body onload="location.replace(\''.$url.'\')">';
    
        print 'You should be redirected to this URL:<br />';
        print "<a href=$url>'$url'</a><br /><br />";
    
        print 'If you are not, please click on the link above.<br />';
    
        print '</body>';
        print '</html>';
    
        if ($exit) exit;
    }
    ?>

The problem here even after logout I still can access my pages which I was trying to prevent by using sessions. I tried to open my pages from different browsers (Hoping the problem would be from the browser setting) but its the same.

What could be possibly wrong?
@Findus23
Copy link
Member

Hi,

Could you please further explain how this is a bug in Matomo?
If not I'd recommend you to ask this question somewhere else (e.g. stackoverflow) as this is the issue tracker for bugs in Matomo.

@tsteur
Copy link
Member

tsteur commented Feb 26, 2019

@Sosycs I'll close the issue. If this is Matomo related and a bug in Matomo feel free to comment. If you're doing some custom development you may want to ask in the forums: https://forum.matomo.org

@tsteur tsteur closed this as completed Feb 26, 2019
@tsteur tsteur added the answered For when a question was asked and we referred to forum or answered it. label Feb 26, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
answered For when a question was asked and we referred to forum or answered it.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@tsteur @Findus23 @Sosycs