logoff page isn't redirecting properly

[carlwhat]

Check your /includes/configure.php file, making sure that it's "in sync" with any .htaccess redirect directives.

That is, if your configure.php contains a www. prefix, make sure that the .htaccess isn't redirecting to non-www. (and vice versa).

Make sure, too, that your configure.php specifies either 'true' or 'false' for the USE_SSL definition; I've seen 1.5.5 upgrades where it's set to '' (an empty string), which can be problematic.

i do not think these 'solutions' are the problem. see screenshot:

[ttfan]

Thank you!

to make sure i understand, this worked perfectly before; the site was moved to a new server; and now you are getting too many redirects before it errors out? is that correct?

Yes that is exactly what happened.

if so, it seems that your new server is configured differently than the old server. from what i can gather, the logoff page is NOT destroying the session data. the code from:

includes/modules/pages/logoff/header_php.php

Code:

/**
  * Check if there is still a customer_id
  * If so, kill the session, and redirect back to the logoff page
  * This will cause the header logic to see that the customer_id is gone, and thus not display another logoff link
  */
if (!empty($_SESSION['customer_id']) || !empty($_SESSION['customer_guest_id'])) {
  zen_session_destroy();
  zen_redirect(zen_href_link(FILENAME_LOGOFF, $logoff_lang));
}

this would explain why the page works perfectly if one is not logged in, but fails when the customer is logged in. so something is different on the server with regards to the session data.

one could try the following code:

Code:

/**
  * Check if there is still a customer_id
  * If so, kill the session, and redirect back to the logoff page
  * This will cause the header logic to see that the customer_id is gone, and thus not display another logoff link
  */
if (!empty($_SESSION['customer_id']) || !empty($_SESSION['customer_guest_id'])) {
  session_start();
  zen_session_destroy();
  zen_redirect(zen_href_link(FILENAME_LOGOFF, $logoff_lang));
}

and see if that addresses the problem.... but i'm really guessing blind based on some reading i'm doing.

there are plenty of threads out there on session_destroy not deleting $_SESSION variables. the above references one such solution.

good luck!

I tried that, but it did not work.

I'll look for other threads relating to this, see if I can find a solution.

THank you!

[ttfan]

Hmmm could not find any other references, except really old one.

Should it perhaps be zen_session_start(); instead of session_start();?

[ttfan]

There are my session settings:
Session Directory /home2/xxxxxx/public_html/cache
Cookie Domain True
Force Cookie Use False
Check SSL Session ID False
Check User Agent False
Check IP Address False
Prevent Spider Sessions True
Recreate Session True
IP to Host Conversion Status true
Use root path for cookie path False
Add period prefix to cookie domain True

[carlwhat]

ok, this is one of the things that drives me crazy - not understanding how something works! perhaps @DrByte (or someone else) can chime in.

i have a working ZC with a working logoff page. if i change my code to such:

Code:

if (!empty($_SESSION['customer_id']) || !empty($_SESSION['customer_guest_id'])) {
    echo '111--------> ' .$_SESSION['customer_id'] . ' <----------';
  zen_session_destroy();
    echo '2222--------> ' . $_SESSION['customer_id'] . ' <----------';
    die(__FILE__ . ':' . __LINE__);
  zen_redirect(zen_href_link(FILENAME_LOGOFF, $logoff_lang));
}

my customer_id is still there, and yet my logoff page works, so my customer_id is getting destroyed somewhere else. in fact, when i looked at all my $_SESSION variables here, i did not see zen_session_destroy() doing much of anything (although i did not look that close). what to make of that?

my page works, yours does not. you can try the following code:

Code:

if (!empty($_SESSION['customer_id']) || !empty($_SESSION['customer_guest_id'])) {
  zen_session_destroy();
  unset($_SESSION['customer_id']);
  zen_redirect(zen_href_link(FILENAME_LOGOFF, $logoff_lang));
}

pretty sure that will work, although i'm not sure about any other intended consequences....

let us know.

best.

[ttfan]

Thank you again!

It does not seem to work either... unless the logoff file is cashed somehow. I tried several times with different browsers.

[carlwhat]

try running that fix cache key file as indicated here:

https://www.zen-cart.com/showthread....10#post1304910

despite it saying it is not necessary after v1.5.3, it can not hurt.

if that does not work, change the code as such, and report back what happens:

Code:

if (!empty($_SESSION['customer_id']) || !empty($_SESSION['customer_guest_id'])) {
  zen_session_destroy();
  die('trying to logoff');
  unset($_SESSION['customer_id']);
  zen_redirect(zen_href_link(FILENAME_LOGOFF, $logoff_lang));
}

[ttfan]

I tried the fix cache key, did not fix it.

Tried your new code, it comes up with a blank page with just your text "trying to logoff" at the top left.

[ttfan]

Check your /includes/configure.php file, making sure that it's "in sync" with any .htaccess redirect directives.

That is, if your configure.php contains a www. prefix, make sure that the .htaccess isn't redirecting to non-www. (and vice versa).

Make sure, too, that your configure.php specifies either 'true' or 'false' for the USE_SSL definition; I've seen 1.5.5 upgrades where it's set to '' (an empty string), which can be problematic.

Yes, all checked and correct.

[carlwhat]

I tried the fix cache key, did not fix it.

Tried your new code, it comes up with a blank page with just your text "trying to logoff" at the top left.

we are in the right place.... last try:

PHP Code:

if (!empty($_SESSION['customer_id']) || !empty($_SESSION['customer_guest_id'])) {
  zen_session_destroy();
  unset($_SESSION['customer_id']);
  unset($_SESSION['customer_guest_id']);
  zen_redirect(zen_href_link(FILENAME_LOGOFF, $logoff_lang));
} 


best.