[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

Completly destroy a session and get a new session ID?

Posted on 2004-11-10
8
Medium Priority
?
261 Views
Last Modified: 2008-03-06
Ok i am working with sessions for the first time on my latest php project! i had no problems setting and using all my variables, now the problem is i want to destroy the session and start over..

i used the commands
      $_SESSION = array();
      session_destroy();

This works as expected.  Now the problem that i am having is that it appears that php then reuses the old session ID for this new session.  For my current project this doesn't work because i saved values to a temp database based on the sessionID and when it gets to that part of the program it pulls up all the data from the last session...

Any Help is greatly Appreciated!
-Travis
0
Comment
Question by:mightofnight
  • 4
  • 4
8 Comments
 
LVL 27

Expert Comment

by:Diablo84
ID: 12551136
Generally speaking theres little you can do about it, the session id wont change until the browser is closed and a new browsing session begins, however, you might be able to make use of session_regenerate_id().

see: http://us2.php.net/manual/en/function.session-regenerate-id.php

Be careful when you use it though or you might run into problems, i recommend somewhere after session_start(); controlled by a conditional if statement so it isnt triggered every reload.
0
 
LVL 2

Author Comment

by:mightofnight
ID: 12551153
i have seen in a few places where people have reset the cookie to expire but i didn't have any luck in doing so..

I will give that a try i have two spots in my program where i want to reset a session and that command should work perfect there!
0
 
LVL 27

Accepted Solution

by:
Diablo84 earned 2000 total points
ID: 12551176
An important note from the manual:

"Note:  As of PHP 4.3.3, if session cookies are enabled, use of session_regenerate_id() will also submit a new session cookie with the new session id."

This isn't the most convienient implementation because it results in the error "session_destroy(): Session object destruction failed" if you get the code flow wrong, i recommend you look at the first user contributed note for the page linked above.

And attempts of deleting the session cookie wont work, i tried various things once a long time ago and concluded that the id will stay until the browsing session ends.


0
Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

 
LVL 27

Expert Comment

by:Diablo84
ID: 12551203
Heres an example method of how you could work this, far less then elegant but it avoids error:

<?php
session_start();
if (isset($_GET['destroy_phase1'])) {
 $_SESSION = array();
 session_destroy();
 header("location: ".$_SERVER['PHP_SELF']."?destroy_phase2");
 exit;
}
elseif (isset($_GET['destroy_phase2'])) {
 session_regenerate_id();
 header("location: ".$_SERVER['PHP_SELF']);
 exit;
}

$_SESSION['test'] = "value";

echo $_SESSION['test']."<br>";

echo session_id();

echo "<br><a href=\"".$_SERVER['PHP_SELF']."?destroy_phase1\">Destroy session and generate new id</a>";
echo "<br><a href=\"".$_SERVER['PHP_SELF']."\">Reload the page maintaining data</a>";
?>

I will be leaving soon so if you need any more assistance i will check back tomorrow.

Good Luck.
0
 
LVL 2

Author Comment

by:mightofnight
ID: 12551216
hum.. i just removed these two lines

   $_SESSION = array();
     session_destroy();

and replaced with
 session_regenerate_id();

it seams to work fine? am i maybe missing something..

What i am working on is a service system for doing auto service's and whre they enter the vin i want to restart the session so i just threw session_regenerate_id(); before the form is generated and output
0
 
LVL 2

Author Comment

by:mightofnight
ID: 12551221
i guess i am got understaing the error that your talking about?
0
 
LVL 27

Expert Comment

by:Diablo84
ID: 12551251
>> it seams to work fine? am i maybe missing something..

no thats logical as you are effectively creating a completely new session it just means that all of the data related to the old session id is still saved on the server and isnt technically destroyed. I guess the Garbage cleanup will handle that.

The error occurs if you do something like:

session_regenerate_id();
session_destroy();

Also, i am not sure how well this will work with your project, but instead of relying on the session_id you could instead use the uniqid function, see the documentation for more info: http://www.php.net/manual/en/function.uniqid.php

Im afraid i have to go offline now so if you need to know anything else i will check back tomorrow.
Also if you run into any problems with it after closing the question feel free to post back and i will get back to you, this is something that doesn't get used often so unexpected issues might come up.

Regards
0
 
LVL 2

Author Comment

by:mightofnight
ID: 12551301
Thanks for the help, ya i think for my next project i will not depend on the session_id in such a matter but for this one i would have to rewrite to many sql statements...

Thanks again for all the help!
-Travis
0

Featured Post

Upgrade your Question Security!

Add Premium security features to your question to ensure its privacy or anonymity. Learn more about your ability to control Question Security today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

These days socially coordinated efforts have turned into a critical requirement for enterprises.
Password hashing is better than message digests or encryption, and you should be using it instead of message digests or encryption.  Find out why and how in this article, which supplements the original article on PHP Client Registration, Login, Logo…
The viewer will learn how to dynamically set the form action using jQuery.
The viewer will learn how to look for a specific file type in a local or remote server directory using PHP.
Suggested Courses
Course of the Month18 days, 15 hours left to enroll

834 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question