Why does PHP Keep logging out?

[johnsmith153]

My script is very simple, with a session set to tell the system a user is logged in.

 

Every page (that needs login authorisation) checks if this sesion exists, and if not it will perform a PHP exit;

 

However, if i click a link on my nav bar, and then quickly click another, it will log me out.

 

This could happen a lot if someone changed their mind on which link to click.

 

Could it be something to do with the fact I am using session_regenerate_id(true); on every page?

 

I use this to prevent hijacking of the session. Is there an alternative, or what should I do?

 

Surely people can use session_regenerate_id(true); AND not get logged out avery so often.

[DarkWater]

Can I see the code you use to check if they're logged in?

[johnsmith153]

I have found the problem:

 

session_regenerate_id(true);

 

set it to:

session_regenerate_id(false);

 

However, I believe using "false" will keep old sessions active - as well as the new ones.

 

(1) Is this true? How long does it keep for?

(2) What advice does anyone have?

(3) What then is the point of using session_regenerate_id(false); - surely it would be best to not use it at all, than to use "false".

 

 

Do most people use session_regenerate_id at all?

[DarkWater]

Setting it to false means that it doesn't actually delete the session file until the gc comes and gets it eventually, which is fine.  I've ONLY ever seen it used with false or no parameter (defaults to false) anyway.