Session wont destroy itself

**livewire1974** · Apr 16, 2009 12:34

Hi,
Have a strange one, see the code below, the same session id is printed each time the page is loaded, does anybody know whats going on?

Code:

session_destroy();
session_start();
$sessionid = session_id();
echo $sessionid;

Thanks..

**Ernie1** · Apr 16, 2009 12:42

you have to start the session before destroying it

**livewire1974** · Apr 16, 2009 12:47

Thanks, I tried this and its still the same

Code:

session_start();
session_destroy();
session_start();
$sessionid = session_id();
echo $sessionid;

**Ernie1** · Apr 16, 2009 13:18

if you have cookies enabled in browser, the session id is stored in the cookie
and the session_start will resume the session

**livewire1974** · Apr 16, 2009 13:22

Originally Posted by Ernie1

if you have cookies enabled in browser, the session id is stored in the cookie
and the session_start will resume the session

ahhhhh ok. I wanted to use the session id as a key for a database, i guess this is not very safe?

**simshaun** · Apr 16, 2009 13:23

Take a look at session_regenerate_id()

**simshaun** · Apr 16, 2009 13:23

Originally Posted by livewire1974

ahhhhh ok. I wanted to use the session id as a key for a database, i guess this is not very safe?

Depends.. if the user wants to know their session id, they simply look at their cookie. If its something you dont expect the user to know, then its not safe.

**Ernie1** · Apr 16, 2009 13:25

Originally Posted by simshaun

Take a look at session_regenerate_id()

this is it

**livewire1974** · Apr 16, 2009 13:26

Originally Posted by simshaun

Depends.. if the user wants to know their session id, they simply look at their cookie. If its something you dont expect the user to know, then its not safe.

It really makes no difference to the user, i need to write info to a database. This information is then taken by a process running on another machine, i pass this process the session id. I later use the same session Id to get a returned value from the process running on the other machine. This seems ok ?

**gregor171** · Apr 16, 2009 17:22

An idea

PHP Code:


class my_data_class{

//bla bla

 public function __destruct(){

// before that a html should be posted to client

// then you can store your session to mySql and not slow the response

}



}

or you can store it on the filesystem (could be also NAS) and make a CRON to store it to database ;-)

**crmalibu** · Apr 16, 2009 21:37

Originally Posted by livewire1974

It really makes no difference to the user, i need to write info to a database. This information is then taken by a process running on another machine, i pass this process the session id. I later use the same session Id to get a returned value from the process running on the other machine. This seems ok ?

Keep in mind, the user is able to choose thier own session id. Unless you manually ensure it, you aren't guaranteed php created the id in the first place.

You should not treat it as something secure or random.

**livewire1974** · Apr 16, 2009 22:33

Ok guys, thanks for the advice. I've dumped the session id idea and am now handling the issue with internal ID's.

Thanks

User Tag List

Thread: Session wont destroy itself

Thread Tools

Display

Session wont destroy itself

Bookmarks

Bookmarks

Posting Permissions