erikbeam Posted May 25, 2008 Share Posted May 25, 2008 I've got a basic user login page where I start a session and pass on $_SESSION['sessionuser'] and $PHPSESSID to the next page. The format I have is: -login form (form.php) -verify login (login.php) -here if login matches the database I <meta http...> redirect to /gallery/index.php -if login does not match I <meta http...> redirect them to wrong_id.php to login again -just for testing I've got /gallery/index.php set to just: [ <?php session_start(); ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <title>Untitled Document</title> </head> <body> <?php echo $PHPSESSID; echo $_SESSION['sessionuser']; ?> This works fine. It shows the random string followed by the username. And if I close the browser and reopen to login again I even get a different $PHPSESSID. However, if I use the same browser, or open a new tab in the same browser, and try to login, I get the new username with the old $PHPSESSID. How do I clear $PHPSESSID as part of the login process? I've tried this in the login.php file: <?php if(isset($PHPSESSID)) { session_unset(); session_start(); } else { session_start(); } ?> This doesn't seem to work. I've also tried specifically using session_unset($PHPSESSID); with the same results. Link to comment https://forums.phpfreaks.com/topic/107205-unsetting-phpsessid/ Share on other sites More sharing options...
deadonarrival Posted May 25, 2008 Share Posted May 25, 2008 That should work, rather odd. Try adding unset($PHPSESSID) to your loop. Also, echo $PHPSSESSID before your if block just to check it is set. Edit: in addittion to session_unset - try session_destroy() and session_regenerate_id() Link to comment https://forums.phpfreaks.com/topic/107205-unsetting-phpsessid/#findComment-549624 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.