Page 1 of 1

session_id() never changes

Posted: Wed Jul 31, 2002 1:34 am
by laudakwah
Hi,

I run this code when a user logs off to kill a session:

session_start();
session_unset();
session_destroy();

but when a different user logs in on the same browser, he gets the same session_id() as the user before him. is there a way to make sure all users get a different session_id()?

thanks
Zhen

Posted: Wed Jul 31, 2002 9:02 am
by Taikonaut
When cookies are activated, then the session_ID is always the same!!!

session

Posted: Wed Jul 31, 2002 9:53 am
by how
different user use different session ,you should operate the different ids and session can control them. :idea: [/list][/b]

Posted: Wed Jul 31, 2002 11:26 am
by daemorhedron
While I am not entirely clear on your problem, if people are logging in from a different computer each time, they should DEFINITELY be getting a unique session_id() as the php default. If you mean that 2 people are sitting at the same computer, 1 guy logs on then off, and the next guy shows up and goes to login and gets the same session_id() that's to be expected.

When you session_start() php will actually automagically cookie the client with the session_id() value. The default time out on this cookie (I believe) is never (check and change it with session_get_cookie_params() and session_set_cookie_params() ). That's why 2 people at the computer using the same browser will seem to have the same session_id(), due to that magic cookie.

You can manually set the session_id(); in your script. This would have to be done before your user logs in, and before you first call session_start();

Code: Select all

function gen_uid() {
    $uid = md5 (uniqid (mt_rand()));
    return $uid;
}

function login() {
    session_id(gen_uid());
    session_start();
}
HTH!

Posted: Wed Jul 31, 2002 11:36 am
by EricS
You only thing you're having a problem. When you destroy a session all the data that the server is storing of behalf of the session is destroyed. Now if cookies are enabled then the session id for concurrent sessions with that browser will be the same till the browser cookie expires or is deleted.

This should not cause any problems with any scripts your running unless you are using session functions for reasons other than what they were originally intended for.

Hope this helps