Page 1 of 1

Creating new session IDs

Posted: Fri Mar 21, 2008 5:27 pm
by kal2219
So here's what I want to do. I have many pages that should be public and some others that require authentication to view. I would like for a user to login, view whatever pages they want, then logout. When a user logs out I want to not only destroy the session variables but also the session ID cookie as well.

So far I have managed to get a new session ID, but there are still issues. When I use session_start() on the login page a session ID is created (along with a cookie). Then, when I go to the next page (which sanitizes input and checks for a valid user and password) I see that another, different, session ID is created and I lose all the data from the first session on the login page.

Here is code for the login page:

Code: Select all

[size=150]<?php 
 
session_start();
 
echo "Your session id is: ".session_id();
 
$_SESSION['testingvar']="does it work?";
 
 ?>[/size]
Here's code from the next page that checks username and password:

Code: Select all

[size=150]
<?php
 
session_start();
 
echo "Your session id is: ".session_id()."<br><br>";
 
if (isset($_SESSION['testingvar']))
{
     echo $_SESSION['testingvar']."<br><br>";
}else 
{
     echo "It's not set.<br><br>";
}
 [/size]
and here is code from the logout page:

Code: Select all

[size=150]
<?php
session_start();
session_destroy();
session_regenerate_id(true);
setcookie(session_name(),session_id(),"0","/");
?>[/size]
You can see that I was testing to see if a session variable retains its value in the second page.. and it does not. Every time I go to that page I see "It's not set". What am I doing wrong here?

Re: Creating new session IDs

Posted: Fri Mar 21, 2008 6:00 pm
by kishanprasad
try to remove session_start() from the second page so that every time it will create a new 1 untill u pass it,



and it is required only when you want to create a new session .....

Re: Creating new session IDs

Posted: Fri Mar 21, 2008 6:11 pm
by kal2219
I tried that, but it doesn't help. Now the second page won't show a session ID at all. I think I have to use session_start() to resume the session...

Re: Creating new session IDs

Posted: Fri Mar 21, 2008 11:24 pm
by tecktalkcm0391
headers might be sent already if you have other codes running... but the session_start as the VERY first item on the page... see if that works. also, you can try adding a session name, which needs to come DIRECTLY after the session_start on the second line.

Re: Creating new session IDs

Posted: Sat Mar 22, 2008 11:34 am
by kal2219
That worked! I put the php code for the session_start() at the top of the page and now it works just fine. However, I'm still a little fuzzy on why that was necessary. Can you explain that in more detail?

Thanks.

Re: Creating new session IDs

Posted: Sat Apr 05, 2008 12:39 am
by tecktalkcm0391
when you create a session, the default PHP settings is to send a cookie...

a cookie has to be send before anything else or "headers" to the file so when you start it first, nothing has been already sent to the browser

a way to prevent any headers from being send (even thought its sloppy) is to start the very first line with ob_start(); which starts output buffering... this prevents anything from being sent until the last line of PHP is completed or a flush command is executed

Does that clarify it for you?