HELP!!! Generate New Session_id()

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
BlueHippo
Forum Newbie
Posts: 9
Joined: Tue Aug 02, 2005 8:45 pm

HELP!!! Generate New Session_id()

Post by BlueHippo »

Hi everyone,
i want to generate a new session_id() when i open a new page....
i know a session_id() is create when we use session_start() at the beginning of the page, and when we click on a popup window, that window will use the same session_id() untill all window is close....

Currently i use session_regenerate_id() to generate a new session_id(), example: old session_id = 99999 then after generate new session_id become 33333.
But the new session_id only use on the current page when i open up a popup window, the session_id() become the old session_id() which is what i dont want.

can anyone help me solve this problem?? i want to use the new generate session_id() on the new open window rather that the old session_id().

Thanks.

Here is my code:

Code: Select all

<?php
session_start();

$old_sessionid = session_id();

session_regenerate_id();

$new_sessionid = session_id();

echo "Old Session: $old_sessionid<br />";
echo "New Session: $new_sessionid<br />";

?> 

<html>

<head>
<meta http-equiv="content-type" content="text/html;charset=iso-8859-1">
<meta name="generator" content="Adobe GoLive">
<title>GAM Login Page</title>
</head>

<body bgcolor="#ffffff">
<br>Request Page
<p>
<a href="MultipleLoginTest.php" onClick="window.open(‘Test.php’);"> go</a>
</body>
</html>
feyd | *grumble*
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

the "new" window will need to generate the ID, as the current page will get whatever is set through that page's request, and as such will continue on to all new pages..
BlueHippo
Forum Newbie
Posts: 9
Joined: Tue Aug 02, 2005 8:45 pm

Post by BlueHippo »

feyd, thanks for the reply :P

I had try ur method with putting a session_id() generate in the new page(Test.php), but the session generate another new session_id() which is different in the previous generate one.... :cry:

i want to use back the previous generate session_id()......
Anyone can help?? Please :(

Thanks
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

you want to use the original session ID? that's not quite possible unless you control the session creation system either through overloading the session handler functions in the php core, or your own home grown version..
BlueHippo
Forum Newbie
Posts: 9
Joined: Tue Aug 02, 2005 8:45 pm

Post by BlueHippo »

feyd, thanks

actually i am dont want to use back the original session_id().

Is like that... when we open a page, session been create, lets say sessionA. Then i wanna generate another session_id() to be use for the rest of the page. After generate, sessionB will create....

But when i open a popup window, the session_id() become sessionA and not sessionB.

That is what i dont want.....
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

just ignore the session being set on the second page, creating a new session... I don't see much point in having a session for only 1 page, the sessions are meant to transfer data across multiple pages..
BlueHippo
Forum Newbie
Posts: 9
Joined: Tue Aug 02, 2005 8:45 pm

Post by BlueHippo »

Thanks again feyd :D

Ya u are right....but the session_id() is the primary key in the table i use....so each page of the window need to have same session_id().

Why i want to generate a new session_id():
when a user login, i want to give them a new session_id() and they can use it for the rest of the page.....so the session_id need to be different from the login page.

for example:

Login(session_idA) -> Generate -> User1(sessionB) ->Open popup window(sessionB)
-> Generate -> User2(sessionC) ->Open popup window(sessionC)
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

If you destroy the session during a page, it will regenerate on the following page (with a session creation)..

differing users will get differing session ID's, pretty much guaranteed.. so unless you want to allow multiple logins from the exact same connection, there's no point.

If you do want multiple logins from the same connection, then passing the session via URL is just about the only way to do it.. which is fairly unsecure..
BlueHippo
Forum Newbie
Posts: 9
Joined: Tue Aug 02, 2005 8:45 pm

Post by BlueHippo »

Ya thanks, feyd

It can works now..... thanks very much for ur advice and reply. :D
AGISB
Forum Contributor
Posts: 422
Joined: Fri Jul 09, 2004 1:23 am

Post by AGISB »

Allthough the chance is very slim a session_id can repeat itself in the long run. If you use it as a primary key it can lead to a serious problem depending on the application.

It is also a long index value that might slow the database down some depending on the load.
User avatar
J_Iceman05
Forum Commoner
Posts: 72
Joined: Wed Aug 03, 2005 10:52 am
Location: Las Vegas, NV

Post by J_Iceman05 »

Something you might also be able to do, is if the session id is a key index value, and if you have it auto increment; then you could insert into that table and use the auto incremented value as the session_id.
it would never repeat, and it would take a while to reach such a high amount of digits; like when i do a session_start, the session_id() is a 32 digit number.... just a thought
AGISB
Forum Contributor
Posts: 422
Joined: Fri Jul 09, 2004 1:23 am

Post by AGISB »

Just a reminder that you can use a mysql table without any primary key
josh
DevNet Master
Posts: 4872
Joined: Wed Feb 11, 2004 3:23 pm
Location: Palm beach, Florida

Post by josh »

It's a bad idea to implement incremental session_id's it increases the likelyhood of a session hijacking.
BlueHippo
Forum Newbie
Posts: 9
Joined: Tue Aug 02, 2005 8:45 pm

Post by BlueHippo »

Thanks every one for reply,

Someone give me a code regarding this.....and it can generate a new session_id and can use in another popup window, but the problems is:

(using the same window to login)
when i login as userA[Login Page], 'then open new window'
-> GenerateId -> User1(sessionB)[Menu Page] ->Open popup window(sessionB)

then when i login as userB[Login Page], 'then open new window'
-> GenerateId -> User2(sessionC)[Menu Page] ->Open popup window(sessionC)

But when i refresh the userA page, the sessionB will change to sessionC..... 8O

Can anyone me to solve this problem??
Thanks :D

Here is the code:

Code: Select all

<?php  
error_reporting(E_ALL); 
// I'm putting the directive in, in case they are not set.  This allows users to go without cookies as well: 
ini_set('session.use_cookies', '1'); 
ini_set('session.use_only_cookies', '0'); 
ini_set('session.use_trans_sid', '1'); 
session_start(); 

$oldsession = session_id(); 

session_regenerate_id(); 
$newsession = session_id(); 
session_id($oldsession); 
session_destroy(); 

$old_session = $_SESSION; 
session_id($newsession); 
session_start(); 
$_SESSION = $old_session; 
setcookie(session_name(), session_id(), NULL, '/'); 

?> 
<html> 

<head> 
<meta http-equiv="content-type" content="text/html;charset=iso-8859-1"> 
<meta name="generator" content="Adobe GoLive"> 
<title>GAM Login Page</title> 
</head> 

<body bgcolor="#ffffff"> 
<br>Request Page 
<p> 
<a href="MultipleLoginTest.php" onClick="window.open(‘Test.php<?php echo SID;?>');"> go</a> 
</body> 
</html>

feyd | Come on... start doing as you are asked...
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

from what I can tell, there's no point in even using sessions like this... start the session in the logged in page and just leave it as that.
Post Reply