Ville Mattila wrote: ...
session_destroy(); session_regenerate_id(); session_write_close(); Header("Location: ..."); exit;
For my point of view, this should do exactly what I like to do: destroy the old session data, generate a new one, write them and redirect the user to next page.
And you're partly right. From the client's point of view it's still the same session. Why? Because you didn't destroy the cookie as well as the session data. So you're generating fresh session data, but the id is the same.
In other words:
- Page1.php
- PHP reaches this session termination code
- session file on hard drive / in DB / whatever for current SID is destroyed
- $_SESSION still exists! Although this might be ok?...
- execution for Page1.php ends (Header and then exit)
- Page2.php starts
- PHP reads in the session ID from the cookie
- SID is the same as what was used in Page1.php
- However, no session data exists for this SID so PHP starts up a *new session* with the *old SID*
I remember somehow that there have been problems with SetCookie and Header("Location: ..") combination. Could this session problem arise due same reasons?
Sort of. This is what you need:
http://php.net/manual/en/function.session-destroy.php
-- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
