double sign out

Hi all I am experiencing the following issue

I add a product to my cart, then I click on view cart…while I am in view cart if I click on sign out it takes me back to the homepage and I am still logged in.

I actually have to click sign out again to effectively sign out.

Anyone else has the same problem?

How can I solve this?

What version of the cart and have you tried it in multiple browsers? A 'logout' should destroy the session.

[quote name='tbirnseth' timestamp='1334526812' post='134884']

What version of the cart and have you tried it in multiple browsers? A 'logout' should destroy the session.

[/quote]



I have tried with both Explorer and Firefox…same problem…logout does not distroy the session in my case



I noticed that if I login and then while still on the home I click on sign out it signs out no problem…

but if I login, then add a product to the cart and then click on view cart and try to sign out from there it takes me back to home as if I would be clicking on home button…once I am in home I click sign out again and it works…



I also noticed that if I sign in and do not add any products to the cart, but click on view cart and go on the empty cart page the problem occurs the same way…so it is not a matter of adding the product to the cart or not…it just happens once I am viewing the cart page…

The page producing the issue is index.php?dispatch=checkout.cart

any idea on how I can fix it?

I'm guessing that the cart is trying to outsmart you…

Given that you are on a cart page (normally you don't get there with an empty cart), a cart is created in your SESSION. The cart is also stored in the DB and is related to both your user_id and your session_id. (see the 'logout' mode in the controllers/common/auth.php controller).



So when you log out and it takes you back to the home page a new session is started with the same session_id, it sees that you have a saved cart and the session matches so it activates the old session that probably has you logged in.



You might try adding a call of:


Session::destroy(SID);


near the end of the 'logout' mode after the unset($_SESSION) is done.

[quote name='tbirnseth' timestamp='1334539149' post='134890']

I'm guessing that the cart is trying to outsmart you…

Given that you are on a cart page (normally you don't get there with an empty cart), a cart is created in your SESSION. The cart is also stored in the DB and is related to both your user_id and your session_id. (see the 'logout' mode in the controllers/common/auth.php controller).



So when you log out and it takes you back to the home page a new session is started with the same session_id, it sees that you have a saved cart and the session matches so it activates the old session that probably has you logged in.



You might try adding a call of:


Session::destroy(SID);


near the end of the 'logout' mode after the unset($_SESSION) is done.

[/quote]



Thank you for the reply

Can you plese tell me where exactly to add the Sessiion: : destroy (SID);

cannot find unset($_SESSION) in the aut.php

I would like to try it and see how it goes

What version are you running? The info I provided was based on 2.2.4

[quote name='tbirnseth' timestamp='1334613293' post='134947']

What version are you running? The info I provided was based on 2.2.4

[/quote]

2.2.4 but I downloaded aut.php and cannot find the line you indicated…

can you help me locate it?

Don't know anything about aut.php, but controllers/common/auth.php has the logout mode starting at about line 242.

If you want to insert the Session::destroy(SSID), do it just above the return. Note there is no space between the 2 colons. Not sure if these are your typos or mine.

[quote name='tbirnseth' timestamp='1334614278' post='134951']

Don't know anything about aut.php, but controllers/common/auth.php has the logout mode starting at about line 242.

If you want to insert the Session::destroy(SSID), do it just above the return. Note there is no space between the 2 colons. Not sure if these are your typos or mine.

[/quote]



I found it, sorry for the typo…I meant auth.php

also when you say “do it just above the return” what does it mean exactly? Again sorry for my ignorance and thanks for the replies

“It” is to insert the line just above the return with a line content of:

Session::destroy(SID);



But again please note that this shouldn't be necessary. The unset($_SESSION) should destroy any authentication info associated with the browser session. But the destroy() will hit it with a bigger hammer if you so choose.

[quote name='tbirnseth' timestamp='1334621833' post='134955']

“It” is to insert the line just above the return with a line content of:

Session::destroy(SID);



But again please note that this shouldn't be necessary. The unset($_SESSION) should destroy any authentication info associated with the browser session. But the destroy() will hit it with a bigger hammer if you so choose.

[/quote]



you are probably going to kill me but i dont know what return means…is it the parentesis } ?

is the code supposed to look like this:



if ($mode == 'logout') {

Session::destroy(SID);

// Regenerate session_id for security reasons
Session::regenerate_id();
fn_save_cart_content($_SESSION['cart'], $auth['user_id']);




let me know and thanks for your patience

The return is at the end of section near the closing brace (}'.

You should really hire someone who can help you.

Tried to add the string like you suggested but did not solved the problem…

I can confirm that the problem happens only when I am in the view cart page…if I do not go to view cart and try to log out it works correctly…

I also notice that once I am in the view cart page the sign out button is linking to this URL



mywebsite.com - This website is for sale! - mywebsite Resources and Information.



Is this the correct link to logout?



I am just wondering…when I click on sign out it kind of re-direct me to that address first and then to www.mywebsite.com

Good info. To me it looks like a bug.

The logout mode of the auth controller should remove the "redirect_url'.



What's probably happening is that you are in fact getting logged out but when are returned to the cart page, it is loading up the cart you had and then logging you back in again.



Report it in the bugtracker.

thanks…i did report it to bugtracker…will keep this post updated