Creating new session IDs
Posted: Fri Mar 21, 2008 5:27 pm
So here's what I want to do. I have many pages that should be public and some others that require authentication to view. I would like for a user to login, view whatever pages they want, then logout. When a user logs out I want to not only destroy the session variables but also the session ID cookie as well.
So far I have managed to get a new session ID, but there are still issues. When I use session_start() on the login page a session ID is created (along with a cookie). Then, when I go to the next page (which sanitizes input and checks for a valid user and password) I see that another, different, session ID is created and I lose all the data from the first session on the login page.
Here is code for the login page:
Here's code from the next page that checks username and password:
and here is code from the logout page:
You can see that I was testing to see if a session variable retains its value in the second page.. and it does not. Every time I go to that page I see "It's not set". What am I doing wrong here?
So far I have managed to get a new session ID, but there are still issues. When I use session_start() on the login page a session ID is created (along with a cookie). Then, when I go to the next page (which sanitizes input and checks for a valid user and password) I see that another, different, session ID is created and I lose all the data from the first session on the login page.
Here is code for the login page:
Code: Select all
[size=150]<?php
session_start();
echo "Your session id is: ".session_id();
$_SESSION['testingvar']="does it work?";
?>[/size]Code: Select all
[size=150]
<?php
session_start();
echo "Your session id is: ".session_id()."<br><br>";
if (isset($_SESSION['testingvar']))
{
echo $_SESSION['testingvar']."<br><br>";
}else
{
echo "It's not set.<br><br>";
}
[/size]Code: Select all
[size=150]
<?php
session_start();
session_destroy();
session_regenerate_id(true);
setcookie(session_name(),session_id(),"0","/");
?>[/size]