Page 1 of 1

empty session_id after session_destroy

Posted: Fri May 02, 2008 3:20 pm
by clickzilla
Hi all,

Something weird is going on with my script.

I've written a script for an online shop with membership system. The thing is that after the user has logged out, it cannot login again (without restarting the browser).

The thing is that the script runs smoothly on localhost ...

This is the logout function
Code:

Code: Select all

function logout(){
 
    //  this function kills cookies and destroys session varibles; ( LOGOUT )
    setcookie(COOKIE_NAME, ' ', time()-(COOKIE_TIME*1000), COOKIE_PATH);
    setcookie(COOKIE_KEY, ' ',  time()-(COOKIE_TIME*1000), COOKIE_PATH);
 
    $_SESSION = array();
    unset($_COOKIE[session_name()]);    
    session_destroy();
return true
}
And ofcourse, this is how the login function registers sessions
Code:

Code: Select all

    if($remember == 1){
        // set cookies
        setcookie(COOKIE_NAME, $email, time()+COOKIE_TIME, COOKIE_PATH);
        setcookie(COOKIE_KEY, $key, time()+COOKIE_TIME, COOKIE_PATH);
    }
    //register and set sessions
    session_register(COOKIE_NAME, COOKIE_KEY);
    $_SESSION[COOKIE_NAME] = $email;
    $_SESSION[COOKIE_KEY] = $key;
The site also uses securimage.php (from phpcaptcha.org) for form validation which also fails every time after logging out...

Basically, after session_destroy() is called, session_id returns empty.

I've ran out of ideas ... what am I missing?

Re: empty session_id after session_destroy

Posted: Sat May 03, 2008 4:43 am
by clickzilla
I've fixed this issue by commenting the session_destroy() line.