Completly destroy a session and get a new session ID?

Ok i am working with sessions for the first time on my latest php project! i had no problems setting and using all my variables, now the problem is i want to destroy the session and start over..

i used the commands
      $_SESSION = array();
      session_destroy();

This works as expected.  Now the problem that i am having is that it appears that php then reuses the old session ID for this new session.  For my current project this doesn't work because i saved values to a temp database based on the sessionID and when it gets to that part of the program it pulls up all the data from the last session...

Any Help is greatly Appreciated!
-Travis
LVL 2
mightofnightAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Diablo84Commented:
Generally speaking theres little you can do about it, the session id wont change until the browser is closed and a new browsing session begins, however, you might be able to make use of session_regenerate_id().

see: http://us2.php.net/manual/en/function.session-regenerate-id.php

Be careful when you use it though or you might run into problems, i recommend somewhere after session_start(); controlled by a conditional if statement so it isnt triggered every reload.
0
mightofnightAuthor Commented:
i have seen in a few places where people have reset the cookie to expire but i didn't have any luck in doing so..

I will give that a try i have two spots in my program where i want to reset a session and that command should work perfect there!
0
Diablo84Commented:
An important note from the manual:

"Note:  As of PHP 4.3.3, if session cookies are enabled, use of session_regenerate_id() will also submit a new session cookie with the new session id."

This isn't the most convienient implementation because it results in the error "session_destroy(): Session object destruction failed" if you get the code flow wrong, i recommend you look at the first user contributed note for the page linked above.

And attempts of deleting the session cookie wont work, i tried various things once a long time ago and concluded that the id will stay until the browsing session ends.


0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Cloud Class® Course: MCSA MCSE Windows Server 2012

This course teaches how to install and configure Windows Server 2012 R2.  It is the first step on your path to becoming a Microsoft Certified Solutions Expert (MCSE).

Diablo84Commented:
Heres an example method of how you could work this, far less then elegant but it avoids error:

<?php
session_start();
if (isset($_GET['destroy_phase1'])) {
 $_SESSION = array();
 session_destroy();
 header("location: ".$_SERVER['PHP_SELF']."?destroy_phase2");
 exit;
}
elseif (isset($_GET['destroy_phase2'])) {
 session_regenerate_id();
 header("location: ".$_SERVER['PHP_SELF']);
 exit;
}

$_SESSION['test'] = "value";

echo $_SESSION['test']."<br>";

echo session_id();

echo "<br><a href=\"".$_SERVER['PHP_SELF']."?destroy_phase1\">Destroy session and generate new id</a>";
echo "<br><a href=\"".$_SERVER['PHP_SELF']."\">Reload the page maintaining data</a>";
?>

I will be leaving soon so if you need any more assistance i will check back tomorrow.

Good Luck.
0
mightofnightAuthor Commented:
hum.. i just removed these two lines

   $_SESSION = array();
     session_destroy();

and replaced with
 session_regenerate_id();

it seams to work fine? am i maybe missing something..

What i am working on is a service system for doing auto service's and whre they enter the vin i want to restart the session so i just threw session_regenerate_id(); before the form is generated and output
0
mightofnightAuthor Commented:
i guess i am got understaing the error that your talking about?
0
Diablo84Commented:
>> it seams to work fine? am i maybe missing something..

no thats logical as you are effectively creating a completely new session it just means that all of the data related to the old session id is still saved on the server and isnt technically destroyed. I guess the Garbage cleanup will handle that.

The error occurs if you do something like:

session_regenerate_id();
session_destroy();

Also, i am not sure how well this will work with your project, but instead of relying on the session_id you could instead use the uniqid function, see the documentation for more info: http://www.php.net/manual/en/function.uniqid.php

Im afraid i have to go offline now so if you need to know anything else i will check back tomorrow.
Also if you run into any problems with it after closing the question feel free to post back and i will get back to you, this is something that doesn't get used often so unexpected issues might come up.

Regards
0
mightofnightAuthor Commented:
Thanks for the help, ya i think for my next project i will not depend on the session_id in such a matter but for this one i would have to rewrite to many sql statements...

Thanks again for all the help!
-Travis
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
PHP

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.