This question already has answers here:
Closed 10 years ago.
Possible Duplicate:
Close session and start a new one
I use wampserver2.1 php5.3.3, I found session_regenerate_id(true) not work in my script,document says when I set the parameter 'delete_old_sessions' true, there should be a new sid and all the session variables should be deleted, but the fact is after the function, $_session[abc] is still there. did I misunderstand the function,what is my problem?
I appreciate if anyone can help me,
<?php
session_start();
$_SESSION['abc']=12323;
session_regenerate_id(true);
echo $_SESSION['abc'];
?>
I thought it should display none, but it outputs:12323
session_regenerate_id() updates the current session id with a newly generated one. It does not change session variables.
echo session_id();
session_regenerate_id();
echo session_id();
You should unset session to do that:
unset($_SESSION); // or
$_SESSION = array();
How to start a new session:
session_start();
session_destroy();
session_regenerate_id();
unset($_SESSION);
session_start();
session_regenerate_id sends a new cookie but doesn't overwrite the value stored in $_COOKIE. After calling session_destroy, the open session ID is discarded, so simply restarting the session with session_start will re-open the original, though now empty, session for the current request (subsequent requests will use the new session ID). Instead of session_destroy+session_start, use the $delete_old_session parameter to session_regenerate_id to delete the previous session data.
<?php
session_start();
/* Create a new session, deleting the previous session data. */
session_regenerate_id(TRUE);
/* erase data carried over from previous session */
$_SESSION=array();
?>
To start a new session and leave the old untouched, simply leave out the argument to session_regenerate_id.
Source: http://de.php.net/manual/en/function.session-regenerate-id.php#107323
If you want to destroy the session-variables you can perform this: session_destroy();
and if you want to get new ID you can session_regenerate_id();
Related
Trying to temporary store information in a multipage sign up. Because I don't want old sessions to mess with the new sign up data I'm trying to destroy the old session. The problem is the following.
Not working:
signup1.php
//Start new session
session_regenerate_id(TRUE);
session_destroy();
unset($_SESSION);
session_start();
//Store values in session
$_SESSION['created'] = time();
//Redirect to second step
header('Location: '.$settings->siteurl.'signup2.php');
exit();
signup2.php
<pre>
<?php
//Print $_SESSION (empty array)
print_r($_SESSION);
?>
Working (but returns old $_SESSION values + updated values):
//Start new session
session_regenerate_id(TRUE);
//Store values in session
$_SESSION['created'] = time();
//Redirect to second step
header('Location: '.$settings->siteurl.'signup2.php');
exit();
What could resolve the problem? First session_start(); is set in init.php but it doesn't matter if I place it above session_regenerate_id(TRUE), array stays empty.
You should use this first:
session_start(); // Starts a new or resumes an existing session
Then you may use:
session_regenerate_id(TRUE); // regenerates the active session id
The TRUE/delete_old_session parameter is used for:
Whether to delete the old associated session file or not.
The session_regenerate_id is useful to prevent session hijacking and it just regenerates a new id but keeps session data. This should be used when user's access level changes or using a time interval (i.e. after every 10 minutes) but before you regenerate another new session id you need to start the session first.
I am using PHP sessions for a tool I have created. It allows for you to resume a previous session you may have started that is stored in the database. All that functionality is working as intended.
However, I provide a link that says "Create New Session" and point it to a PHP page that contains this code:
<?php
session_start();
session_destroy();
$_SESSION = array();
unset($_SESSION);
header('Location: wizard.php');
?>
Now, when it redirects back to wizard.php, I have it printing out all session details and it still contains information from the previous session.
Is there something I am missing here?
Wizard.php starts with session_create(); so I would assume as soon as it redirected it would create a new session ID and all which isnt happening.
Thanks for any info
<?php
// Initialize the session.
// If you are using session_name("something"), don't forget it now!
session_start();
// Unset all of the session variables.
$_SESSION = array();
// If it's desired to kill the session, also delete the session cookie.
// Note: This will destroy the session, and not just the session data!
if (isset($_COOKIE[session_name()])) {
setcookie(session_name(), '', time()-42000, '/');
}
// Finally, destroy the session.
session_destroy();
header('Location: wizard.php');
?>
Taken from: session_destroy Example 1
Here is a code I destroy the session but it still working.
<?php
session_start();
$_SESSION['name'] = 'Arfan';
$_SESSION['second_name'] = 'Haider';
echo 'My full name is '.$_SESSION['name'].$_SESSION['second_name'].'<br/>';
unset($_SESSION['second_name']);// unset the second_name session
echo 'My name is '.$_SESSION['name'].$_SESSION['second_name'].'<br/>';// work fine error popup
session_destroy();// Destroy all the session
echo $_SESSION['name']; // session is working here.
?>
As you can see at the end of the code session is also working why?
From docs:
In order to kill the session altogether, like to log the user out, the
session id must also be unset. If a cookie is used to propagate the
session id (default behavior), then the session cookie must be
deleted. setcookie() may be used for that.
Example:
session_start();
session_unset();
session_destroy();
session_write_close();
setcookie(session_name(),'',0,'/');
session_regenerate_id(true);
After using session_destroy(), the session cookie is removed and the session is no longer stored on the server. The values in $_SESSION may still be available, but they will not be on the next page load.
If you want to clear a session completely, you can use:
session_start();
session_destroy();
$_SESSION = array();
I started a session $_SESSION['ProdID'] = $ProdID; earlier in my code and I started another ProdID session in another page of my script.
I want to end the first one while this new one will be active without logging out.
Create a page with any name you want.
For example you create a page named as logout.php and paste this code in it.
<?php
session_start();
session_destroy();
header('location:login_page.php');
?>
if you want to destroy all sessions , it's better to use session_destroy()
if you want to destroy specific session , you can use unset($_SESSION['']);
First destroy the current session by regenerating a new session ID to create new cookies. You can then set your values in the new session, the old session is destroyed. Optionally delete all old session variables if you don't need them any longer:
/* generate new session id and delete old session in store */
session_regenerate_id(true);
/* optional: unset old session variables */
$_SESSION = array();
/* set new value(s) */
$_SESSION['name'] = 'value';
If you still want to keep the old session ("without logging out") you can remove the true parameter so the old session is kept in store:
/* generate new session id and keep old session in store */
session_regenerate_id();
The rest would remain the same.
Try using session_destroy(); to end your current session.
Use
unset($_SESSION["ProdID"]);
Only type unset session end of code,
Like this
unset($_SESSION['ProdID']);
I've been looking at using session_regenerate_id in a login class which I have been developing and from reading the PHP documentation and a few other sites it seems that it creates a new session with a newly generated ID carrying across the previous data since the function was added in PHP 4.3.2.
Since PHP 5.1 it has a delete_old_session parameter and if set to true it will also destroy the previous session but in previous versions it will not.
My question is if I was to use session_regenerate_id on a server running a PHP version below 5.1 what would be the best way to use session_regenerate_id and to destroy the previous session?
I don't think session_destroy() would work because if I used it before session_regenerate_id then it wouldn't be able to carry across the previous session data and if used after it would just destroy the new session.
This should solve your problem:
session_start();
// gets current (previous) session
$previousID = session_id();
session_regenerate_id();
// get the new session id
$newID = session_id();
// close session related files
session_write_close();
// set the old session id
session_id($previousID);
// start the old session
session_start();
// clear the old session
session_destroy();
// save the old session state (destroyed session)
session_write_close();
// set the regenerated session id
session_id($newID);
// start the new session
session_start();
Now your old session data is erased and transfered to a new session id.