Solved

PHP Session id is not changing

Posted on 2009-04-10
3
647 Views
Last Modified: 2013-12-14
I have one login page and when it ask for user id password ..after authentication i put here a validation of yes and no ..if you are authorized  than click yes or no ..but whenever i am clcking no the session id remain same ..which i dont want ..i need to change session id on pressing no.

Please help!

The default page opens is index.php.
Code pressing no

-------------------------
 

if ($_POST['button']=="NO" ) {

    $query="UPDATE `web_access_log`

            SET accept_conditions='0'

            WHERE ID={$_SESSION['DB_Key']}";

    $result= mysql_query($query)

            or die (mysql_error()."<br>\nSQL: $query");

    include ("logout.php");
 

Logout.php

----------------
 

if (!$db) $db = db_connect();
 

$query="UPDATE `web_access_log` 

        SET logout_time=NOW(),  session_timeout='0'

        WHERE ID={$_SESSION['DB_Key']}";
 

$result = mysql_query($query) 

          or die (mysql_error()."<br>\nSQL: $query");
 

unset($_SESSION['userid']);

unset($_SESSION['ip']);

unset($_SESSION['DB_Key']);

unset($_SESSION['accept']);

session_destroy();

header("Location: index.php");

Open in new window

0
Comment
Question by:prashantchauhan
3 Comments
 
LVL 3

Assisted Solution

by:Bivek-jos
Bivek-jos earned 100 total points
ID: 24114731
Hi
Have a look at:
http://www.php.net/session_regenerate_id
Hope this helps. :)

Thank you
0
 
LVL 9

Assisted Solution

by:LinuxNubb
LinuxNubb earned 100 total points
ID: 24116602
You could also try to set your session variables to nothing:

$_SESSION['userid'] = '';

0
 

Accepted Solution

by:
prashantchauhan earned 0 total points
ID: 24183160
I am already using session_regenrate but still the problem same..

Please check the code below,...and suggest any changes required.
session_destroy();

session_regenerate_id();
 

unset($_SESSION['userid']);

unset($_SESSION['ip']);

unset($_SESSION['DB_Key']);

unset($_SESSION['accept']);
 
 

function UpdateSessID() {

    $old_sess_id = session_id();

    session_regenerate_id(false);

    $new_sess_id = session_id();
 

    $query = "UPDATE `session_table` SET `session_id` = '$new_sess_id' WHERE session_id = '$old_sess_id'";

        mysql_query($query);

}
 
 

session_destroy();

Open in new window

0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Deprecated and Headed for the Dustbin By now, you have probably heard that some PHP features, while convenient, can also cause PHP security problems.  This article discusses one of those, called register_globals.  It is a thing you do not want.  …
Since pre-biblical times, humans have sought ways to keep secrets, and share the secrets selectively.  This article explores the ways PHP can be used to hide and encrypt information.
The viewer will learn how to dynamically set the form action using jQuery.
The viewer will learn how to look for a specific file type in a local or remote server directory using PHP.

910 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now