destroying old session, making new, but php still refers to old session

StackOverflow https://stackoverflow.com/questions/19738422

  •  03-07-2022
  •  | 
  •  

Question

Took me a while to tackle this problem to it's exact cause, but here's what seems to be happening:

I have a session. I want to completely kill my current session and start from scratch, with a brand new session, that has a blank slate.

So this is what I do:

public function unregister_session()
{
    // I COMMENTED THOSE SECTIONS THAT I WASNT SURE WHAT THEY WERE DOING, BUT PROBLEM PERSISTS.
    //session_regenerate_id();
    //$params = session_get_cookie_params();
        // setcookie(session_name(), '', time() - 42000,
            // $params["path"], $params["domain"],
            // $params["secure"], $params["httponly"]);
    unset($_SESSION);
    $_SESSION=array();
    echo '<br> destroying session. old SID:'.session_id(); //echos 'qqhu7on0n...'
    session_unset();
    session_destroy();
    echo '<br> limbo SID:'.session_id(); //echos nothing.
    session_start();
    echo '<br> new SID:'.session_id();  //echos 'qqhu7on0n...'
}

Alright so what i think should happen is that I have a new session. And well it kind of works, because everything about the previous session seems to be forgotten, at least if I look at $_SESSION.

BUT whenever I echo the session_id it still gives me the old session ID! When I write any values into $_SESSION they are not carried over to the next page, instead on the next page $_SESSION is empty!

EDIT: i echo the session_id() on multiple places on my script (going from top to bottom) i get always the same session_id displayed. going into google developer tools looking at my cookies, i see a different id for PHPSESSID. i see the exact id which i will see when i'm trying to echo session_id() on the next page...

Why is this happening and what am I doing wrong? How can I get session_id() to show me the NEW session id, not the old one? How can I write values into the NEW $_SESSION variable, so that they are actually carried over to the next page?

EDIT - THE SOLUTION

public function unregister_session()
{
    // DUNNO IF THE COMMENTED SECTIONS MAKE A DIFFERENCE
    //$params = session_get_cookie_params();
        // setcookie(session_name(), '', time() - 42000,
            // $params["path"], $params["domain"],
            // $params["secure"], $params["httponly"]);
    unset($_SESSION);
    $_SESSION=array();
    echo '<br> destroying session. old SID:'.session_id(); //echos 'qqhu7on0n...'
    session_unset();
    session_destroy();
    echo '<br> limbo SID:'.session_id(); //echos nothing.
    session_start();
    session_regenerate_id(TRUE); //THIS DOES THE TRICK! Calling it after session_start. Dunno if true makes a difference.
    echo '<br> new SID:'.session_id();  //echos '7b2jn...' :-)
}
Was it helpful?

Solution

Checkout, http://php.net/manual/en/function.session-regenerate-id.php

session_regenerate_id()

OTHER TIPS

Make sure you are calling session_start on whatever page is calling that function. I would also un-comment the code for destroying the cookie. That can possibly prevent weird problems with cached data.

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top