I am trying to destroy the current Session and session_id, and create a new Session and new session_id, but my code is not working.
The abridged version goes like this…
session_start();
session_unset();
session_destroy();
session_start();
session_regenerate_id(true);
When I insert var_dump before and after this code the Session disappears, but I get the same session_id?! :-/
(I am trying to make it so that if someone clicks on my “Register” link in the page header, that my code makes sure that anyone who is currently logged in gets logged out and all Session and Session-Cookie data is destroyed, and then a new Session and session_id are created for the new User.)
What is going on?
Sincerely,
Debbie
<?php
session_start();
$ses_id = session_id();
var_dump($sess_id);
session_unset();
$ses_id = session_id();
var_dump($sess_id);
session_destroy();
$ses_id = session_id();
var_dump($sess_id);
session_start();
$ses_id = session_id();
var_dump($sess_id);
session_regenerate_id(true);
$ses_id = session_id();
var_dump($sess_id);
?>
Does each one of them give the same session id?
SpacePhoenix,
You had type-o’s.
In this corrected code…
<?php
session_start();
$sess_id = session_id();
var_dump($sess_id);
session_unset();
$sess_id = session_id();
var_dump($sess_id);
session_destroy();
$sess_id = session_id();
var_dump($sess_id);
session_start();
$sess_id = session_id();
var_dump($sess_id);
session_regenerate_id(true);
$sess_id = session_id();
var_dump($sess_id);
?>
I get these results…
string '341151efb5e845d504122b862316df5b' (length=32)
string '341151efb5e845d504122b862316df5b' (length=32)
string '' (length=0)
( ! ) Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at /Users/user1/Documents/DEV/++htdocs/06_Debbie/public_html/test13.php:5) in /Users/user1/Documents/DEV/++htdocs/06_Debbie/public_html/test13.php on line 12
Call Stack
# Time Memory Function Location
1 0.0276 58596 {main}( ) ../test13.php:0
2 0.0291 59828 session_start ( ) ../test13.php:12
string '341151efb5e845d504122b862316df5b' (length=32)
( ! ) Warning: session_regenerate_id() [function.session-regenerate-id]: Cannot regenerate session id - headers already sent in /Users/user1/Documents/DEV/++htdocs/06_Debbie/public_html/test13.php on line 15
Call Stack
# Time Memory Function Location
1 0.0276 58596 {main}( ) ../test13.php:0
2 0.0316 59940 session_regenerate_id ( ) ../test13.php:15
string '341151efb5e845d504122b862316df5b' (length=32)
So, yes, I am getting the same Session ID.
Debbie
Found this on the PHP manual for session_destroy:
In order to kill the session altogether, like to log the user out, the session id must also be unset. If a cookie is used to propagate the session id (default behavior), then the session cookie must be deleted. setcookie() may be used for that.
If you look at your php.ini, do you have “session.use_cookies = 1”?, if so you need to use setcookie and remove the session cookie from the user’s PC as discussed at
http://stackoverflow.com/questions/6076214/why-is-php-generating-the-same-session-ids-everytime-in-test-environment-wamp