I was just going through the archive. Seems this comes up enough for me to think I have something wrong.
A simplistic code flow of events...
// user successfully logs in, set a session variable
// when the user logs out, destroy session and redirect to top
$_SESSION = array();
setcookie(session_name(), '', time() - 3600);
Ok, so when the user logs in, a session id is assigned to them.
When they log out and are redirected to the beginning, the session id is
the same (verified by the file name in /tmp and cookie manager in mozilla).
My question is, even though the session contains no data after its
destroyed, should the session id remain the same, after logging out,
or should another be assigned when session_start() is called after the
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php