session_id() never changes

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
laudakwah
Forum Newbie
Posts: 1
Joined: Wed Jul 31, 2002 1:34 am

session_id() never changes

Post by laudakwah »

Hi,

I run this code when a user logs off to kill a session:

session_start();
session_unset();
session_destroy();

but when a different user logs in on the same browser, he gets the same session_id() as the user before him. is there a way to make sure all users get a different session_id()?

thanks
Zhen
Taikonaut
Forum Newbie
Posts: 2
Joined: Wed Jul 31, 2002 8:51 am
Location: Gelsenkirchen, Germany

Post by Taikonaut »

When cookies are activated, then the session_ID is always the same!!!
how
Forum Newbie
Posts: 1
Joined: Wed Jul 31, 2002 9:53 am

session

Post by how »

different user use different session ,you should operate the different ids and session can control them. :idea: [/list][/b]
daemorhedron
Forum Commoner
Posts: 52
Joined: Tue Jul 23, 2002 11:03 am

Post by daemorhedron »

While I am not entirely clear on your problem, if people are logging in from a different computer each time, they should DEFINITELY be getting a unique session_id() as the php default. If you mean that 2 people are sitting at the same computer, 1 guy logs on then off, and the next guy shows up and goes to login and gets the same session_id() that's to be expected.

When you session_start() php will actually automagically cookie the client with the session_id() value. The default time out on this cookie (I believe) is never (check and change it with session_get_cookie_params() and session_set_cookie_params() ). That's why 2 people at the computer using the same browser will seem to have the same session_id(), due to that magic cookie.

You can manually set the session_id(); in your script. This would have to be done before your user logs in, and before you first call session_start();

Code: Select all

function gen_uid() {
    $uid = md5 (uniqid (mt_rand()));
    return $uid;
}

function login() {
    session_id(gen_uid());
    session_start();
}
HTH!
EricS
Forum Contributor
Posts: 183
Joined: Thu Jul 11, 2002 12:02 am
Location: Atlanta, Ga

Post by EricS »

You only thing you're having a problem. When you destroy a session all the data that the server is storing of behalf of the session is destroyed. Now if cookies are enabled then the session id for concurrent sessions with that browser will be the same till the browser cookie expires or is deleted.

This should not cause any problems with any scripts your running unless you are using session functions for reasons other than what they were originally intended for.

Hope this helps
Post Reply