Re: [PHP] Logging out and session ids
Hi,
Friday, November 29, 2002, 4:58:02 PM, you wrote:
GS I was just going through the archive. Seems this comes up enough for me
GS to think I have something wrong.
GS A simplistic code flow of events...
GS ?php
GS session_start();
GS // user successfully logs in, set a session variable
GS $_SESSION['user_id'];
GS // when the user logs out, destroy session and redirect to top
GS $_SESSION = array();
GS setcookie(session_name(), '', time() - 3600);
GS session_destroy();
GS header('location: back_to_top');
?
GS Ok, so when the user logs in, a session id is assigned to them.
GS When they log out and are redirected to the beginning, the session id is
GS the same (verified by the file name in /tmp and cookie manager in mozilla).
GS My question is, even though the session contains no data after its
GS destroyed, should the session id remain the same, after logging out,
GS or should another be assigned when session_start() is called after the
GS redirect???
The browser will send the old cookie and as the name is probably the same as the
the old session it will get used again, or at least I think that is what is
happening :)
This should not be a problem as the data associated with the old session is
gone.
If you close the browser and start a fresh one you will get a new session id.
--
regards,
Tom
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Logging out and session ids
Tom Rogers wrote:
Hi,
Friday, November 29, 2002, 4:58:02 PM, you wrote:
GS I was just going through the archive. Seems this comes up enough for me
GS to think I have something wrong.
GS A simplistic code flow of events...
GS ?php
GS session_start();
GS // user successfully logs in, set a session variable
GS $_SESSION['user_id'];
GS // when the user logs out, destroy session and redirect to top
GS $_SESSION = array();
GS setcookie(session_name(), '', time() - 3600);
GS session_destroy();
GS header('location: back_to_top');
?
GS Ok, so when the user logs in, a session id is assigned to them.
GS When they log out and are redirected to the beginning, the session id is
GS the same (verified by the file name in /tmp and cookie manager in mozilla).
GS My question is, even though the session contains no data after its
GS destroyed, should the session id remain the same, after logging out,
GS or should another be assigned when session_start() is called after the
GS redirect???
The browser will send the old cookie and as the name is probably the same as the
the old session it will get used again, or at least I think that is what is
happening :)
This should not be a problem as the data associated with the old session is
gone.
If that is the case, then the setcookie() call to destroy the clien't
cookie probably isn't neccessary.
If you close the browser and start a fresh one you will get a new session id.
--
Gerard Samuel
http://www.trini0.org:81/
http://dev.trini0.org:81/
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re[2]: [PHP] Logging out and session ids
Hi, I have never bothered with the cookie, I only delete the server side info. -- regards, Tom -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Logging out and session ids
I was just going through the archive. Seems this comes up enough for me
to think I have something wrong.
A simplistic code flow of events...
?php
session_start();
// user successfully logs in, set a session variable
$_SESSION['user_id'];
// when the user logs out, destroy session and redirect to top
$_SESSION = array();
setcookie(session_name(), '', time() - 3600);
session_destroy();
header('location: back_to_top');
?
Ok, so when the user logs in, a session id is assigned to them.
When they log out and are redirected to the beginning, the session id is
the same (verified by the file name in /tmp and cookie manager in mozilla).
My question is, even though the session contains no data after its
destroyed, should the session id remain the same, after logging out,
or should another be assigned when session_start() is called after the
redirect???
Thanks
--
Gerard Samuel
http://www.trini0.org:81/
http://dev.trini0.org:81/
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
