php session id

See attached.

I am trying to test timing out a session after some time has passed, force re login & start another session.

To test the idea, I built the php as attached.

In the second program, rpt_new_session(), it echos the old & new sessions with the same ID.

How can I force a DIFFERENT id when restarting?
session_test_db.php
rpt_new_session.php
Richard KortsAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

aboo_sCommented:
use session_id()
to set a new session_id of your choice.
0
Dave BaldwinFixer of ProblemsCommented:
Well, you can't.  You do get a different session id Value.  You can force the session id value to change by killing the original session and starting a new one.  Use the example on this page http://php.net/manual/en/function.session-destroy.php and then add a 'session_start' after the end of it like this.
<?php
// Initialize the session.
// If you are using session_name("something"), don't forget it now!
session_start();

// Unset all of the session variables.
$_SESSION = array();

// If it's desired to kill the session, also delete the session cookie.
// Note: This will destroy the session, and not just the session data!
if (ini_get("session.use_cookies")) {
    $params = session_get_cookie_params();
    setcookie(session_name(), '', time() - 42000,
        $params["path"], $params["domain"],
        $params["secure"], $params["httponly"]
    );
}

// Finally, destroy the session.
session_destroy();
// then restart
session_start();
?>

Open in new window

0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Ray PaseurCommented:
Before you spend too long on this problem, please make sure you understand how the PHP session handler works.  It's always easier to ride the horse in the direction he's going!
http://www.experts-exchange.com/Web_Development/Web_Languages-Standards/PHP/A_11909-PHP-Sessions-Simpler-Than-You-May-Think.html
0
Dave BaldwinFixer of ProblemsCommented:
And that reminds me... as we discussed in another long question, the PHP session timeout is not an exact timing but a Minimum value.  Worse than that... it only gets checked when PHP on the server gets accessed.  If you are the only one on your server, it may never timeout.  When this came up before, I checked the temp directory where session info is stored on one of my computers and found session files from 5 years ago.

To make the specific point, the PHP session timeout is Not a timer.  If you want a specific timeout, you will have to write that yourself.
0
Ray PaseurCommented:
+1 for Dave's explanation.  HTTP is a stateless client/server protocol.  There is no such thing as a logged-in user, only a user who sends a request that tells the server enough information to recover the session data.  Most of this information is sent in the HTTP cookies that are returned by the browser to the server.  The rest of this information is contained in other request variables and files that are stored on the server.  So to really understand this, you need to "get it" about HTTP cookies and headers, and connect the dots one-by-one.

The problem with the "PHP session timeout" is that session timeout is not a thing at all - it never occurs - it does not exist.  When a PHP script runs the session_start() function, a cookie is set on the client browser.  The cookie points the server to the session files that contain the stored data.  If the client browser does not return the cookie, the session is lost.  If the server does not find the session files, the session is lost.  But none of these "lost data" events can be triggered by a timeout, because there is no timer directly associated with these things.  I think the article covers the waterfront, but if you read it and still have questions, please post back and I'll clarify the article and try to explain the details.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
PHP

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.