I have a site which uses sessions to store variables and follow users through the site. I use the resultant data to report on session times and page views etc.
I have a problem where some users are reusing session that are sometimes months old. I can only assume this is beacuse they have bookmarked the site when it has the SESSID=xxx in the url, so on return they pick up where they left off. So, it's easy enough to tell if the session is being recycled after a abnormal length of time, but can I destroy their session ID and create a new one for them to use?
The process I would have to use is:
1. Get their session ID
2. Check the DB for that ID, find the latest timestamp on the record and compare to now
3. if > maxtime then destroy the session, create a new unique session and carry on
So, how does one destroy & recreate, plus once recreated, will this session stick for the remainder of their visit, or do I need to recheck each time/page?
Advice would be great, thanks.
