Edit report at http://bugs.php.net/bug.php?id=24885&edit=1
ID: 24885 Updated by: [email protected] Reported by: dan at danposluns dot com Summary: session_destroy() should optionally take session id as parameter -Status: Open +Status: Closed Type: Feature/Change Request -Package: Feature/Change Request +Package: *General Issues Operating System: Mac OS X (Unix) PHP Version: 4.3.2 -Assigned To: +Assigned To: jani Block user comment: N Private report: N New Comment: There's that option in session_regenerate_id() now since PHP 5.1. Previous Comments: ------------------------------------------------------------------------ [2005-04-10 04:54:57] mjs15451 at hotmail dot com I came up with a solution here since the php developers don't see a need for this: http://bugs.php.net/bug.php?id=24096 ------------------------------------------------------------------------ [2003-07-31 09:40:21] dan at danposluns dot com Description: ------------ It would be very useful to have session_destroy() optionally take a session id as a parameter. This would be useful for people who want to help prevent hijacked sessions by using session_regenerate_id(). A subsequent call to session_destroy([previous session id]) would keep hijackers from using the old session file, and is much simpler than trying to unlink the file manually. ------------------------------------------------------------------------ -- Edit this bug report at http://bugs.php.net/bug.php?id=24885&edit=1
