[SOLVED] Still get the same session id after I log out

[alluoshi]

Hi, I have an application with sessions/cookies. When I log out and then log in, I still get the same session id even if I log in with different user. How can I correct this so that any user gets a new session id when they log in.

my code for logout page is:

session_start();

session_unset();

session_destroy();

Note: The logout works because I tried to access members' pages after I log out and it asked me to log in again.

[Daniel0]

Rumor has it that reading the manual often helps:

 

session_destroy() destroys all of the data associated with the current session. It does not unset any of the global variables associated with the session, or unset the session cookie. To use the session variables again, session_start() has to be called.

 

In order to kill the session altogether, like to log the user out, the session id must also be unset. If a cookie is used to propagate the session id (default behavior), then the session cookie must be deleted. setcookie() may be used for that.

[alluoshi]

I changed the code in the log out file to:

session_start();

session_unset();

session_destroy();

setcookie("PHPSESSID", "", time()-3600);

but it still doesn't work. when I log in again, I still have the same session id. The only way to get a new session id is to go to the browser and delete the cookie explicitly.

[Daniel0]

Try to do it the way the manual says. If it still does not work, there is, as the manual says, a function called session_regenerate_id.

[alluoshi]

Thank you. It worked like this: the log out file code:

session_start();

session_regenerate_id();

session_unset();

session_destroy();