PHP Session destroy but keeping login details causing problems

Posted on 2011-10-05
Last Modified: 2012-06-21
Dear Experts,

I am needing to destroy the sessions but keep the login session details. I have included the code below that I have been using. I simply place the Sessions used for login into a variable that I can call after I destroy the session. Then once I have destroyed the session I use session_start and set the session back using the variables.

This works correctly for me. However I am have some strange issues, every once in a while a page that uses a session simply hangs and take up to two minutes to load. The page does eventually load without any issues that there is something that is going wrong and my instincts are pointing the code below that is destroying the sessions.

Can you let me know of a better way to achieve this or if you can see any obvious issue with the code I am using.

Many thanks as always
<?php if (isset($_REQUEST["update"])) {  
// Initialize the session. 
// If you are using session_name("something"), don't forget it now! 
//store user sessions - create a application variable for each user session variable from the login page 
$MemberID = $_SESSION['MemberID'];
$MemberFirstName = $_SESSION['MemberFirstName'];
$MemberLastName = $_SESSION['MemberLastName'];
// Finally, destroy the session. 
//restore the users session variables 
$_SESSION['MemberID'] = $MemberID;
$_SESSION['MemberFirstName'] = $MemberFirstName;
$_SESSION['MemberLastName'] = $MemberLastName;
 } ?>

Open in new window

Question by:Lightwalker
    LVL 15

    Expert Comment


    if i am getting you properly , you want to change the session for ur login users details, like MemberFirstName and so on.
    if yes than don't delete the session just overwrite it. Why actually you want to delete the session, please clarify so that we can try for other answer for it

    // Finally, destroy the session.
    //restore the users session variables
    $_SESSION['MemberID'] = $MemberID;
    $_SESSION['MemberFirstName'] = $MemberFirstName;
    $_SESSION['MemberLastName'] = $MemberLastName;

    Author Comment

    Thanks insoftservice,

    Absolutely let me clarify. I have a form validation and form submission that stores it's information in sessions. Once the form is submitted I want to destroy all the session except the information used for login.

    Same goes for a shopping cart that uses sessions to store the cart contents, once the purchase has gone through I want to destoy all the session that are not used for logging in.


    LVL 15

    Accepted Solution

    I would suggest not to do session_destroy instead unset all the session which are of no use.
    so, creating and destroying issue will get over.
    LVL 13

    Expert Comment

    by:Hugh McCurdy
    I agree with insoftervice unless you have a compelling reason that you can't destroy just part of the session.  

    Why are you keeping shopping cart contents in the session?  I'd keep them in the DB in case the visitor (such as my wife) wants to come back later.

    LVL 107

    Expert Comment

    by:Ray Paseur
    destroy the sessions but keep the login session details - that is an oxymoron, much like saying "I want to kill the dog but still play ball with the dog."

    The design patterns used for PHP client authentication are shown in this article.

    The correct design pattern for what you want is not session_destroy(); instead it is to unset() selected session array elements.  You can go about this two ways.  One way is to keep a list of the elements you want to keep, copy them into another array, then unset($_SESSION) and copy them back; the other way is to keep a list of the things you want to unset() and use an iterator, something like this:

    foreach ($things_to_remove as $thing) { unset($_SESSION[$thing]); }

    That other stuff about session_destroy() and session_start() is just unnecessary noise.

    HTH, ~Ray

    PS: I, too, would recommend that you keep the data in the data base, not the session.

    Featured Post

    6 Surprising Benefits of Threat Intelligence

    All sorts of threat intelligence is available on the web. Intelligence you can learn from, and use to anticipate and prepare for future attacks.

    Join & Write a Comment

    The Client Need Led Us to RSS I recently had an investment company ask me how they might notify their constituents about their newsworthy publications.  Probably you would think "Facebook" or "Twitter" but this is an interesting client.  Their cons…
    I imagine that there are some, like me, who require a way of getting currency exchange rates for implementation in web project from time to time, so I thought I would share a solution that I have developed for this purpose. It turns out that Yaho…
    Learn how to match and substitute tagged data using PHP regular expressions. Demonstrated on Windows 7, but also applies to other operating systems. Demonstrated technique applies to PHP (all versions) and Firefox, but very similar techniques will w…
    This tutorial will teach you the core code needed to finalize the addition of a watermark to your image. The viewer will use a small PHP class to learn and create a watermark.

    733 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    19 Experts available now in Live!

    Get 1:1 Help Now