Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 419
  • Last Modified:

PHP5: why session id does not change after session_destroy() is called?

Hello Experts,

Why is my session id the same after calling session_destroy()?

Please see code below:

session_name('TESTSession');
session_start();

echo 'session id: '.session_id().'<br>';

if (isset($_SESSION['LAST_ACTIVITY']) && (time() - $_SESSION['LAST_ACTIVITY'] > 60)) {
	session_unset();     // unset $_SESSION variable for the run-time
	session_destroy();   // destroy session data in storage
}
		
$_SESSION['LAST_ACTIVITY'] = time(); // update last activity time stamp
echo 'session last activity: '. $_SESSION['LAST_ACTIVITY'] . '<br>';			

Open in new window

0
epifanio67
Asked:
epifanio67
1 Solution
 
GaryCommented:
The session id is stored client side so isn't destroyed even though all the session values have been
To get a new id use session_regenerate_id()

<?php

session_name('TESTSession');
session_start();

echo 'session id: '.session_id().'<br>';

if (isset($_SESSION['LAST_ACTIVITY']) && (time() - $_SESSION['LAST_ACTIVITY'] > 60)) {
	session_destroy();   // destroy session data in storage
	session_unset();     // unset $_SESSION variable for the run-time
	session_regenerate_id(true);
}

		
$_SESSION['LAST_ACTIVITY'] = time(); // update last activity time stamp
echo 'session last activity: '. $_SESSION['LAST_ACTIVITY'] . '<br>';	

Open in new window

0

Featured Post

Upgrade your Question Security!

Your question, your audience. Choose who sees your identity—and your question—with question security.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now