SitePoint Sponsor

User Tag List

Results 1 to 12 of 12
  1. #1
    SitePoint Addict
    Join Date
    Jul 2008
    Posts
    255
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Session wont destroy itself

    Hi,
    Have a strange one, see the code below, the same session id is printed each time the page is loaded, does anybody know whats going on?

    Code:
    session_destroy();
    session_start();
    $sessionid = session_id();
    echo $sessionid;
    Thanks..

  2. #2
    play of mind Ernie1's Avatar
    Join Date
    Sep 2005
    Posts
    1,252
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    you have to start the session before destroying it
    my mobile portal
    ghiris.ro

  3. #3
    SitePoint Addict
    Join Date
    Jul 2008
    Posts
    255
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Thanks, I tried this and its still the same
    Code:
    session_start();
    session_destroy();
    session_start();
    $sessionid = session_id();
    echo $sessionid;

  4. #4
    play of mind Ernie1's Avatar
    Join Date
    Sep 2005
    Posts
    1,252
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    if you have cookies enabled in browser, the session id is stored in the cookie
    and the session_start will resume the session
    my mobile portal
    ghiris.ro

  5. #5
    SitePoint Addict
    Join Date
    Jul 2008
    Posts
    255
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by Ernie1 View Post
    if you have cookies enabled in browser, the session id is stored in the cookie
    and the session_start will resume the session
    ahhhhh ok. I wanted to use the session id as a key for a database, i guess this is not very safe?

  6. #6
    SitePoint Evangelist simshaun's Avatar
    Join Date
    Apr 2008
    Location
    North Carolina
    Posts
    438
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Take a look at session_regenerate_id()

  7. #7
    SitePoint Evangelist simshaun's Avatar
    Join Date
    Apr 2008
    Location
    North Carolina
    Posts
    438
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by livewire1974 View Post
    ahhhhh ok. I wanted to use the session id as a key for a database, i guess this is not very safe?
    Depends.. if the user wants to know their session id, they simply look at their cookie. If its something you dont expect the user to know, then its not safe.

  8. #8
    play of mind Ernie1's Avatar
    Join Date
    Sep 2005
    Posts
    1,252
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by simshaun View Post
    this is it
    my mobile portal
    ghiris.ro

  9. #9
    SitePoint Addict
    Join Date
    Jul 2008
    Posts
    255
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by simshaun View Post
    Depends.. if the user wants to know their session id, they simply look at their cookie. If its something you dont expect the user to know, then its not safe.
    It really makes no difference to the user, i need to write info to a database. This information is then taken by a process running on another machine, i pass this process the session id. I later use the same session Id to get a returned value from the process running on the other machine. This seems ok ?

  10. #10
    SitePoint Enthusiast
    Join Date
    Apr 2009
    Location
    Ljubljana, Slovenia
    Posts
    36
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    An idea
    PHP Code:
    class my_data_class{
    //bla bla
     
    public function __destruct(){
    // before that a html should be posted to client
    // then you can store your session to mySql and not slow the response
    }


    or you can store it on the filesystem (could be also NAS) and make a CRON to store it to database ;-)
    Gregor Grajzar, web developer
    http://xweblabs.com
    http://grajzar.info

  11. #11
    SitePoint Wizard bronze trophy
    Join Date
    Jul 2008
    Posts
    5,757
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by livewire1974 View Post
    It really makes no difference to the user, i need to write info to a database. This information is then taken by a process running on another machine, i pass this process the session id. I later use the same session Id to get a returned value from the process running on the other machine. This seems ok ?
    Keep in mind, the user is able to choose thier own session id. Unless you manually ensure it, you aren't guaranteed php created the id in the first place.

    You should not treat it as something secure or random.

  12. #12
    SitePoint Addict
    Join Date
    Jul 2008
    Posts
    255
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Ok guys, thanks for the advice. I've dumped the session id idea and am now handling the issue with internal ID's.

    Thanks


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •