Reputation: 1676
destroying old session, making new, but php still refers to old session
Took me a while to tackle this problem to it's exact cause, but here's what seems to be happening:
I have a session. I want to completely kill my current session and start from scratch, with a brand new session, that has a blank slate.
So this is what I do:
public function unregister_session()
{
// I COMMENTED THOSE SECTIONS THAT I WASNT SURE WHAT THEY WERE DOING, BUT PROBLEM PERSISTS.
//session_regenerate_id();
//$params = session_get_cookie_params();
// setcookie(session_name(), '', time() - 42000,
// $params["path"], $params["domain"],
// $params["secure"], $params["httponly"]);
unset($_SESSION);
$_SESSION=array();
echo '<br> destroying session. old SID:'.session_id(); //echos 'qqhu7on0n...'
session_unset();
session_destroy();
echo '<br> limbo SID:'.session_id(); //echos nothing.
session_start();
echo '<br> new SID:'.session_id(); //echos 'qqhu7on0n...'
}
Alright so what i think should happen is that I have a new session. And well it kind of works, because everything about the previous session seems to be forgotten, at least if I look at $_SESSION.
BUT whenever I echo the session_id it still gives me the old session ID! When I write any values into $_SESSION they are not carried over to the next page, instead on the next page $_SESSION is empty!
EDIT: i echo the session_id() on multiple places on my script (going from top to bottom) i get always the same session_id displayed. going into google developer tools looking at my cookies, i see a different id for PHPSESSID. i see the exact id which i will see when i'm trying to echo session_id() on the next page...
Why is this happening and what am I doing wrong? How can I get session_id() to show me the NEW session id, not the old one? How can I write values into the NEW $_SESSION variable, so that they are actually carried over to the next page?
EDIT - THE SOLUTION
public function unregister_session()
{
// DUNNO IF THE COMMENTED SECTIONS MAKE A DIFFERENCE
//$params = session_get_cookie_params();
// setcookie(session_name(), '', time() - 42000,
// $params["path"], $params["domain"],
// $params["secure"], $params["httponly"]);
unset($_SESSION);
$_SESSION=array();
echo '<br> destroying session. old SID:'.session_id(); //echos 'qqhu7on0n...'
session_unset();
session_destroy();
echo '<br> limbo SID:'.session_id(); //echos nothing.
session_start();
session_regenerate_id(TRUE); //THIS DOES THE TRICK! Calling it after session_start. Dunno if true makes a difference.
echo '<br> new SID:'.session_id(); //echos '7b2jn...' :-)
}
Upvotes: 1
Views: 1478
Answers (2)
Reputation: 1981
Make sure you are calling session_start on whatever page is calling that function. I would also un-comment the code for destroying the cookie. That can possibly prevent weird problems with cached data.
Upvotes: 0
Reputation: 672
Checkout, http://php.net/manual/en/function.session-regenerate-id.php
session_regenerate_id()
Upvotes: 1
Related Questions
- Sessions in PHP exists after Destroying
- php destroy a session which is not the current session
- session is not destroyed
- Destroying Session - Logs me out to current system and the other system
- My Session reappears In PHP even after destroy
- Logout problem /session not destroyed
- PHP sessions won't destroy
- Sessions not destroying
- Page brings back old session after session_destroy
- Logut Session not destroyed