SitePoint Sponsor

User Tag List

Results 1 to 4 of 4
  1. #1
    SitePoint Wizard DoubleDee's Avatar
    Join Date
    Aug 2010
    Location
    Arizona
    Posts
    3,930
    Mentioned
    2 Post(s)
    Tagged
    0 Thread(s)

    Getting same SessionID on regenerate

    I am trying to destroy the current Session and session_id, and create a new Session and new session_id, but my code is not working.

    The abridged version goes like this...

    PHP Code:
        session_start();

        
    session_unset();
        
    session_destroy();

        
    session_start();
        
    session_regenerate_id(true); 
    When I insert var_dump before and after this code the Session disappears, but I get the same session_id?!

    (I am trying to make it so that if someone clicks on my "Register" link in the page header, that my code makes sure that anyone who is currently logged in gets logged out and all Session and Session-Cookie data is destroyed, and then a new Session and session_id are created for the *new* User.)

    What is going on?

    Sincerely,


    Debbie

  2. #2
    From space with love silver trophy
    SpacePhoenix's Avatar
    Join Date
    May 2007
    Location
    Poole, UK
    Posts
    5,068
    Mentioned
    103 Post(s)
    Tagged
    0 Thread(s)
    PHP Code:
    <?php

    session_start
    ();
    $ses_id session_id();
    var_dump($sess_id);
    session_unset();
    $ses_id session_id();
    var_dump($sess_id);
    session_destroy();
    $ses_id session_id();
    var_dump($sess_id);
    session_start();
    $ses_id session_id();
    var_dump($sess_id);
    session_regenerate_id(true); 
    $ses_id session_id();
    var_dump($sess_id);

    ?>
    Does each one of them give the same session id?
    Community Team Advisor
    Forum Guidelines: Posting FAQ Signatures FAQ Self Promotion FAQ
    Help the Mods: What's Fluff? Report Fluff/Spam to a Moderator

  3. #3
    SitePoint Wizard DoubleDee's Avatar
    Join Date
    Aug 2010
    Location
    Arizona
    Posts
    3,930
    Mentioned
    2 Post(s)
    Tagged
    0 Thread(s)
    SpacePhoenix,

    You had type-o's.

    In this corrected code...
    PHP Code:
    <?php

    session_start
    ();
    $sess_id session_id();
    var_dump($sess_id);
    session_unset();
    $sess_id session_id();
    var_dump($sess_id);
    session_destroy();
    $sess_id session_id();
    var_dump($sess_id);
    session_start();
    $sess_id session_id();
    var_dump($sess_id);
    session_regenerate_id(true);
    $sess_id session_id();
    var_dump($sess_id);

    ?>

    I get these results...
    Code:
    string '341151efb5e845d504122b862316df5b' (length=32)
    
    string '341151efb5e845d504122b862316df5b' (length=32)
    
    string '' (length=0)
    
    
    ( ! ) Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at /Users/user1/Documents/DEV/++htdocs/06_Debbie/public_html/test13.php:5) in /Users/user1/Documents/DEV/++htdocs/06_Debbie/public_html/test13.php on line 12
    Call Stack
    #	Time	Memory	Function	Location
    1	0.0276	58596	{main}( )	../test13.php:0
    2	0.0291	59828	session_start ( )	../test13.php:12
    
    string '341151efb5e845d504122b862316df5b' (length=32)
    
    
    ( ! ) Warning: session_regenerate_id() [function.session-regenerate-id]: Cannot regenerate session id - headers already sent in /Users/user1/Documents/DEV/++htdocs/06_Debbie/public_html/test13.php on line 15
    Call Stack
    #	Time	Memory	Function	Location
    1	0.0276	58596	{main}( )	../test13.php:0
    2	0.0316	59940	session_regenerate_id ( )	../test13.php:15
    
    string '341151efb5e845d504122b862316df5b' (length=32)
    So, yes, I am getting the same Session ID.


    Debbie

  4. #4
    Hosting Team Leader silver trophybronze trophy
    cpradio's Avatar
    Join Date
    Jun 2002
    Location
    Ohio
    Posts
    5,223
    Mentioned
    153 Post(s)
    Tagged
    0 Thread(s)
    Found this on the PHP manual for session_destroy:
    In order to kill the session altogether, like to log the user out, the session id must also be unset. If a cookie is used to propagate the session id (default behavior), then the session cookie must be deleted. setcookie() may be used for that.
    If you look at your php.ini, do you have "session.use_cookies = 1"?, if so you need to use setcookie and remove the session cookie from the user's PC as discussed at
    http://stackoverflow.com/questions/6...vironment-wamp


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •