|
Posted by Chris Shiflett on 12/22/52 11:11
Ken wrote:
> After unsetting and destroying the session, the same sid is generated.
No session identifier is generated at this point. This generation only
happens when there is no identifier presented by the client, or when you
explicitly regenerate it using something like session_regenerate_id().
> is this a normal behaviour?
Yes.
Are you sure you need a new session identifier?
> i did this:
>
> session_start()
>
> //kill session variables
> unset($_SESSION);
> session_destroy();
I'd have to do some tests to find out, but you might want to set
$_SESSION to attay() rather than just unset it, but these might have
essentially the same behavior (e.g., memory is freed but not overwritten).
Hope that helps.
Chris
--
Chris Shiflett
Brain Bulb, The PHP Consultancy
http://brainbulb.com/
[Back to original message]
|