Getting same SessionID on regenerate

I am trying to destroy the current Session and session_id, and create a new Session and new session_id, but my code is not working.

The abridged version goes like this…


	session_start();

	session_unset();
	session_destroy();

	session_start();
	session_regenerate_id(true);

When I insert var_dump before and after this code the Session disappears, but I get the same session_id?! :-/

(I am trying to make it so that if someone clicks on my “Register” link in the page header, that my code makes sure that anyone who is currently logged in gets logged out and all Session and Session-Cookie data is destroyed, and then a new Session and session_id are created for the new User.)

What is going on?

Sincerely,

Debbie

<?php

session_start();
$ses_id = session_id();
var_dump($sess_id);
session_unset();
$ses_id = session_id();
var_dump($sess_id);
session_destroy();
$ses_id = session_id();
var_dump($sess_id);
session_start();
$ses_id = session_id();
var_dump($sess_id);
session_regenerate_id(true); 
$ses_id = session_id();
var_dump($sess_id);

?>

Does each one of them give the same session id?

SpacePhoenix,

You had typos.

In this corrected code…


<?php

session_start();
$sess_id = session_id();
var_dump($sess_id);
session_unset();
$sess_id = session_id();
var_dump($sess_id);
session_destroy();
$sess_id = session_id();
var_dump($sess_id);
session_start();
$sess_id = session_id();
var_dump($sess_id);
session_regenerate_id(true);
$sess_id = session_id();
var_dump($sess_id);

?>

I get these results…


string '341151efb5e845d504122b862316df5b' (length=32)

string '341151efb5e845d504122b862316df5b' (length=32)

string '' (length=0)


( ! ) Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at /Users/user1/Documents/DEV/++htdocs/06_Debbie/public_html/test13.php:5) in /Users/user1/Documents/DEV/++htdocs/06_Debbie/public_html/test13.php on line 12
Call Stack
#	Time	Memory	Function	Location
1	0.0276	58596	{main}( )	../test13.php:0
2	0.0291	59828	session_start ( )	../test13.php:12

string '341151efb5e845d504122b862316df5b' (length=32)


( ! ) Warning: session_regenerate_id() [function.session-regenerate-id]: Cannot regenerate session id - headers already sent in /Users/user1/Documents/DEV/++htdocs/06_Debbie/public_html/test13.php on line 15
Call Stack
#	Time	Memory	Function	Location
1	0.0276	58596	{main}( )	../test13.php:0
2	0.0316	59940	session_regenerate_id ( )	../test13.php:15

string '341151efb5e845d504122b862316df5b' (length=32)

So, yes, I am getting the same Session ID.

Debbie

Found this on the PHP manual for session_destroy:

In order to kill the session altogether, like to log the user out, the session id must also be unset. If a cookie is used to propagate the session id (default behavior), then the session cookie must be deleted. setcookie() may be used for that.

If you look at your php.ini, do you have “session.use_cookies = 1”? If so, you need to use setcookie and remove the session cookie from the user’s PC, as discussed at
http://stackoverflow.com/questions/6076214/why-is-php-generating-the-same-session-ids-everytime-in-test-environment-wamp
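
The sequence the thread is after, as an added example that is not part of any post above: destroy the old session, expire its cookie as the manual quote describes, then start a new session with a new ID. Every session call runs before any output, which is what the "headers already sent" warnings in the test output point to. The function name restart_session() is hypothetical.

```php
<?php
// Added example, not code from the thread.
// restart_session() is a hypothetical helper name.

function restart_session()
{
    // Session functions send headers (Set-Cookie, cache limiter), so they
    // must all run before the script produces any output.
    session_start();
    $old_id = session_id();

    // Drop the session data held in memory for this request.
    $_SESSION = array();

    // Expire the session cookie in the browser, as the manual advises
    // when a cookie is used to propagate the session id.
    if (ini_get('session.use_cookies')) {
        $p = session_get_cookie_params();
        setcookie(
            session_name(), '', time() - 42000,
            $p['path'], $p['domain'], $p['secure'], $p['httponly']
        );
    }

    // Remove the server-side session record.
    session_destroy();

    // The request's cookie still carries the old id, so a new
    // session_start() may pick it up again; regenerating with true
    // issues a new id and deletes the old session record.
    session_start();
    session_regenerate_id(true);

    return array($old_id, session_id());
}

list($old, $new) = restart_session();

// Output goes last, after all session work is finished.
var_dump($old, $new, $old !== $new);
```

In the test script above, each var_dump() ran before the next session call, so the second session_start() and session_regenerate_id() could no longer send headers.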