[SOLVED] create new session_id, doesn't work..

[Hyaku_]

Hi!
I'm trying to generate new session_id after each new request, but it looks like it doesn't quite work:
[code]session_start();

echo "Old session ID: ".session_id() . "<BR>";

$oldSessionData = $_SESSION;

session_destroy();
session_start();

$_SESSION = $oldSessionData;

echo "New session ID: ".session_id();
?>[/code]
I got:
[code]Old session ID: 0da4e9ccd19f6d885c29ac94ab2eecac
New session ID: 0da4e9ccd19f6d885c29ac94ab2eecac[/code]
What am I doing wrong? Thanks!

[trq]

[quote]I'm trying to generate new session_id after each new request[/quote]

Why?

[Hyaku_]

so if someone sniffs users cookie, he could hijack the session

[PFMaBiSmAd]

You are echoing content to the browser within your code while you are trying to modify the session.

Try putting the following line in after your first opening <?php tag and see what you get -
[code]error_reporting(E_ALL);[/code]
Edit: There is also a note in the session_destroy section of the manual that session id must also be unset. This implies that session_destroy only destroys the session data while retaining the id. Your since your code is echoing content to the browser, the second session_start is not doing anything.

[Hyaku_]

I have already error reporting set to E_ALL, but I added the line anyway and still no errors and the same output

[PFMaBiSmAd]

I edited my post above with additional info.

The posted code looks like it should trigger some errors. Do you know if display_errors is ON?

[Hyaku_]

Thanks! yes, in my php.ini:
[code]error_reporting  =  E_ALL
display_errors = On[/code]
session_regenerate_id(true); did the trick!