I was just going through the archive. Seems this comes up enough for me
to think I have something wrong.
A simplistic code flow of events...
<?php
session_start();
// user successfully logs in, set a session variable
$_SESSION['user_id'];
// when the user logs out, destroy session and redirect to top
$_SESSION = array();
setcookie(session_name(), '', time() - 3600);
session_destroy();
header('location: back_to_top');
?>
Ok, so when the user logs in, a session id is assigned to them.
When they log out and are redirected to the beginning, the session id is
the same (verified by the file name in /tmp and cookie manager in mozilla).
My question is, even though the session contains no data after its
destroyed, should the session id remain the same, after logging out,
or should another be assigned when session_start() is called after the
redirect???
Thanks
--
Gerard Samuel
http://www.trini0.org:81/
http://dev.trini0.org:81/
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
- Re: [PHP] Logging out and session ids Gerard Samuel
- Re: [PHP] Logging out and session ids Tom Rogers
- Re: [PHP] Logging out and session ids Gerard Samuel
- Re[2]: [PHP] Logging out and session ids Tom Rogers
