3

I have a logout file for my web application. I would like to create a session after the logout so that I can echo a logout success message. My logout code works but I am unable to create a new session after destroying the previous one.

What is the best way to do this, see code:

//LOGOUT.PHP
session_start(); 

//// unset all $_SESSION variables
session_regenerate_id();
session_unset();
session_destroy();

$_SESSION['logoutsuccess'] = 'You have successfully logged out.';
header("Location: /login/");
exit;


//LOGIN.PHP (ECHO SUCCESS MESSAGE)

if(isset($_SESSION['logoutsuccess']))
{
echo '<div class="success">'.$_SESSION['logoutsuccess'].'</div>'; 
unset($_SESSION['logoutsuccess']);
}

I would like to avoid passing variables in the url if possible.

hairynuggets
  • 3,081
  • 21
  • 54
  • 88

4 Answers4

12

Call session_start() again after session_destroy()?

Ry-
  • 209,133
  • 54
  • 439
  • 449
  • 1
    This is the best approach for your specific question, but I still don't see why you don't just show the message on the LOGOUT.PHP page. – Watermark Studios Oct 20 '11 at 22:58
  • @WatermarkStudios I'm doing the same thing.. he's possibly doing the redirect to avoid form resubmission on refresh... http://stackoverflow.com/questions/6320113/how-to-prevent-form-resubmission-when-page-is-refreshed-via-php – Sarah Mar 18 '16 at 15:12
6

Just start a new session:

session_start();
session_destroy();
session_start();
$_SESSION['food'] = 'pizza';
antriver
  • 779
  • 1
  • 9
  • 21
3

Instead of trying to store it as a session variable, you could check the referer and check for /logout/

if(strpos($_SERVER['HTTP_REFERER'], 'logout')  !== false) {
  echo 'You have successfully logged out.';
}
Ben Rowe
  • 27,548
  • 6
  • 52
  • 73
-1
session_id($session_id_to_destroy);
session_start();
session_destroy();
session_commit();
Pang
  • 9,073
  • 146
  • 84
  • 117
Monogarm
  • 11
  • 2
  • 8
    Please explain your answer, what it does, why, how... something, also note that OP is from 2011 – gmo Jul 30 '14 at 21:31