PHP Session destroy but keeping login details causing problems

Dear Experts,

I am needing to destroy the sessions but keep the login session details. I have included the code below that I have been using. I simply place the Sessions used for login into a variable that I can call after I destroy the session. Then once I have destroyed the session I use session_start and set the session back using the variables.

This works correctly for me. However I am have some strange issues, every once in a while a page that uses a session simply hangs and take up to two minutes to load. The page does eventually load without any issues that there is something that is going wrong and my instincts are pointing the code below that is destroying the sessions.

Can you let me know of a better way to achieve this or if you can see any obvious issue with the code I am using.

Many thanks as always
<?php if (isset($_REQUEST["update"])) {  
// Initialize the session. 
// If you are using session_name("something"), don't forget it now! 
@session_start(); 
//store user sessions - create a application variable for each user session variable from the login page 
$MemberID = $_SESSION['MemberID'];
$MemberFirstName = $_SESSION['MemberFirstName'];
$MemberLastName = $_SESSION['MemberLastName'];
// Finally, destroy the session. 
session_destroy();
unset($_SESSION);
session_start();
@session_regenerate_id(); 
//restore the users session variables 
$_SESSION['MemberID'] = $MemberID;
$_SESSION['MemberFirstName'] = $MemberFirstName;
$_SESSION['MemberLastName'] = $MemberLastName;
 } ?>

Open in new window

LightwalkerAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

InsoftserviceCommented:
hi,

if i am getting you properly , you want to change the session for ur login users details, like MemberFirstName and so on.
if yes than don't delete the session just overwrite it. Why actually you want to delete the session, please clarify so that we can try for other answer for it

// Finally, destroy the session.
//session_destroy();
//unset($_SESSION);
//session_start();
//@session_regenerate_id();
//restore the users session variables
$_SESSION['MemberID'] = $MemberID;
$_SESSION['MemberFirstName'] = $MemberFirstName;
$_SESSION['MemberLastName'] = $MemberLastName;
LightwalkerAuthor Commented:
Thanks insoftservice,

Absolutely let me clarify. I have a form validation and form submission that stores it's information in sessions. Once the form is submitted I want to destroy all the session except the information used for login.

Same goes for a shopping cart that uses sessions to store the cart contents, once the purchase has gone through I want to destoy all the session that are not used for logging in.

 

InsoftserviceCommented:
so,
I would suggest not to do session_destroy instead unset all the session which are of no use.
so, creating and destroying issue will get over.
 

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Hugh McCurdyCommented:
I agree with insoftervice unless you have a compelling reason that you can't destroy just part of the session.  

Why are you keeping shopping cart contents in the session?  I'd keep them in the DB in case the visitor (such as my wife) wants to come back later.

Hugh
Ray PaseurCommented:
destroy the sessions but keep the login session details - that is an oxymoron, much like saying "I want to kill the dog but still play ball with the dog."

The design patterns used for PHP client authentication are shown in this article.
http://www.experts-exchange.com/Web_Development/Web_Languages-Standards/PHP/A_2391-PHP-login-logout-and-easy-access-control.html

The correct design pattern for what you want is not session_destroy(); instead it is to unset() selected session array elements.  You can go about this two ways.  One way is to keep a list of the elements you want to keep, copy them into another array, then unset($_SESSION) and copy them back; the other way is to keep a list of the things you want to unset() and use an iterator, something like this:

foreach ($things_to_remove as $thing) { unset($_SESSION[$thing]); }

That other stuff about session_destroy() and session_start() is just unnecessary noise.

HTH, ~Ray

PS: I, too, would recommend that you keep the data in the data base, not the session.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
PHP

From novice to tech pro — start learning today.