|
|
Posted by Jason Barnett on 05/11/05 22:37
Ville Mattila wrote:
....
>
> session_destroy();
> session_regenerate_id();
> session_write_close();
> Header("Location: ...");
> exit;
>
> For my point of view, this should do exactly what I like to do: destroy
> the old session data, generate a new one, write them and redirect the
> user to next page.
And you're partly right. From the client's point of view it's still the
same session. Why? Because you didn't destroy the cookie as well as
the session data. So you're generating fresh session data, but the id
is the same.
In other words:
- Page1.php
- PHP reaches this session termination code
- session file on hard drive / in DB / whatever for current SID is
destroyed
- $_SESSION still exists! Although this might be ok?...
- execution for Page1.php ends (Header and then exit)
- Page2.php starts
- PHP reads in the session ID from the cookie
- SID is the same as what was used in Page1.php
- However, no session data exists for this SID so PHP starts up a
*new session* with the *old SID*
>
> I remember somehow that there have been problems with SetCookie and
> Header("Location: ..") combination. Could this session problem arise due
> same reasons?
>
Sort of. This is what you need:
http://php.net/manual/en/function.session-destroy.php
Navigation:
[Reply to this message]
|