Jump to content

Recommended Posts

Hi, I have an application with sessions/cookies. When I log out and then log in, I still get the same session id even if I log in with different user. How can I correct this so that any user gets a new session id when they log in.

my code for logout page is:

session_start();

session_unset();

session_destroy();

Note: The logout works because I tried to access members' pages after I log out and it asked me to log in again.

Rumor has it that reading the manual often helps:

 

session_destroy() destroys all of the data associated with the current session. It does not unset any of the global variables associated with the session, or unset the session cookie. To use the session variables again, session_start() has to be called.

 

In order to kill the session altogether, like to log the user out, the session id must also be unset. If a cookie is used to propagate the session id (default behavior), then the session cookie must be deleted. setcookie() may be used for that.

I changed the code in the log out file to:

session_start();

session_unset();

session_destroy();

setcookie("PHPSESSID", "", time()-3600);

but it still doesn't work. when I log in again, I still have the same session id. The only way to get a new session id is to go to the browser and delete the cookie explicitly.

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.