• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 221
  • Last Modified:

PHP Session destroy but keeping login details causing problems

Dear Experts,

I am needing to destroy the sessions but keep the login session details. I have included the code below that I have been using. I simply place the Sessions used for login into a variable that I can call after I destroy the session. Then once I have destroyed the session I use session_start and set the session back using the variables.

This works correctly for me. However I am have some strange issues, every once in a while a page that uses a session simply hangs and take up to two minutes to load. The page does eventually load without any issues that there is something that is going wrong and my instincts are pointing the code below that is destroying the sessions.

Can you let me know of a better way to achieve this or if you can see any obvious issue with the code I am using.

Many thanks as always
<?php if (isset($_REQUEST["update"])) {  
// Initialize the session. 
// If you are using session_name("something"), don't forget it now! 
@session_start(); 
//store user sessions - create a application variable for each user session variable from the login page 
$MemberID = $_SESSION['MemberID'];
$MemberFirstName = $_SESSION['MemberFirstName'];
$MemberLastName = $_SESSION['MemberLastName'];
// Finally, destroy the session. 
session_destroy();
unset($_SESSION);
session_start();
@session_regenerate_id(); 
//restore the users session variables 
$_SESSION['MemberID'] = $MemberID;
$_SESSION['MemberFirstName'] = $MemberFirstName;
$_SESSION['MemberLastName'] = $MemberLastName;
 } ?>

Open in new window

0
Lightwalker
Asked:
Lightwalker
1 Solution
 
InsoftserviceCommented:
hi,

if i am getting you properly , you want to change the session for ur login users details, like MemberFirstName and so on.
if yes than don't delete the session just overwrite it. Why actually you want to delete the session, please clarify so that we can try for other answer for it

// Finally, destroy the session.
//session_destroy();
//unset($_SESSION);
//session_start();
//@session_regenerate_id();
//restore the users session variables
$_SESSION['MemberID'] = $MemberID;
$_SESSION['MemberFirstName'] = $MemberFirstName;
$_SESSION['MemberLastName'] = $MemberLastName;
0
 
LightwalkerAuthor Commented:
Thanks insoftservice,

Absolutely let me clarify. I have a form validation and form submission that stores it's information in sessions. Once the form is submitted I want to destroy all the session except the information used for login.

Same goes for a shopping cart that uses sessions to store the cart contents, once the purchase has gone through I want to destoy all the session that are not used for logging in.

 

0
 
InsoftserviceCommented:
so,
I would suggest not to do session_destroy instead unset all the session which are of no use.
so, creating and destroying issue will get over.
 
0
 
Hugh McCurdyCommented:
I agree with insoftervice unless you have a compelling reason that you can't destroy just part of the session.  

Why are you keeping shopping cart contents in the session?  I'd keep them in the DB in case the visitor (such as my wife) wants to come back later.

Hugh
0
 
Ray PaseurCommented:
destroy the sessions but keep the login session details - that is an oxymoron, much like saying "I want to kill the dog but still play ball with the dog."

The design patterns used for PHP client authentication are shown in this article.
http://www.experts-exchange.com/Web_Development/Web_Languages-Standards/PHP/A_2391-PHP-login-logout-and-easy-access-control.html

The correct design pattern for what you want is not session_destroy(); instead it is to unset() selected session array elements.  You can go about this two ways.  One way is to keep a list of the elements you want to keep, copy them into another array, then unset($_SESSION) and copy them back; the other way is to keep a list of the things you want to unset() and use an iterator, something like this:

foreach ($things_to_remove as $thing) { unset($_SESSION[$thing]); }

That other stuff about session_destroy() and session_start() is just unnecessary noise.

HTH, ~Ray

PS: I, too, would recommend that you keep the data in the data base, not the session.
0

Featured Post

Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now