Problem destroying sessions

DungeonMaster

I got a little problem with sessions.

I wrote this script:

<?
session_start();

if (session_is_registered("usuario"))
{
  session_unset();
  session_destroy();
  setcookie(session_name(),"",0,"/");
  header("Location: $start_page"); //redirect to the same page
}

$page = "

<html>
<head>
</head>
<frameset rows=\"18%,*\" cols=\"*\" framespacing=\"0\" frameborder=\"NO\" border=\"0\">
  <frame src=\"menu.php\" name=\"topFrame\" scrolling=\"NO\" noresize >
  <frame src=\"sistema.php\" name=\"mainFrame\">
</frameset>
<noframes><body>
Your browser don´t support frames</body></noframes>
</html>

";

print $page; //PRINT THE HTML CODE
?>

the script above writes a frameset to the screen, with the frames menu.php and sistema.php

Well, the menu have a dropdown list to chose the location, and when the user select a location, the session variable 'cod_local' is set to that location.

Notice that everytime I enter the page, my frameset destroy the session, making the user have to re-login after a refresh or after exiting and reentering my page (I want it to be that way).

everything is working fine, but when I use CTRL + N (new window on IE6), a new window pops up, with the user loged out (as I espected). But when the user login on the second window, changes in the location of one window afect the other window, as if both the windows where sharing the same session.

when I use

print session_id();

, both windows prints the same id, so I tryied this

<?
session_id(uniqid(rand())); //Creates a new unique ID

session_start();

if (session_is_registered("usuario"))
{
  session_unset();
  session_destroy();
  setcookie(session_name(),"",0,"/");
  header("Location: $start_page"); //redirect to the same page
}

$page = "

<html>
<head>
</head>
<frameset rows=\"18%,*\" cols=\"*\" framespacing=\"0\" frameborder=\"NO\" border=\"0\">
  <frame src=\"menu.php\" name=\"topFrame\" scrolling=\"NO\" noresize >
  <frame src=\"sistema.php\" name=\"mainFrame\">
</frameset>
<noframes><body>
Your browser don´t support frames</body></noframes>
</html>

";

print $page; //PRINT THE HTML CODE
?>

now, when I make

print session_id();

, the windows now prints different ID´s, BUT THEY ARE STILL SHARING THE SAME SESSION!!!

I´m using PHP 4.3.0 and Apache 1.3.26 on Linux and I´m starting to think it´s a bug. Anyone can help me???

Sorry for the long post.

keith73

It's not a bug, it's a feature. 🙂

seriously though, when you create a session using a cookie, it doesn't matter how many browser windows you open, the cookie is set in your browser. You can not set a cookie and then use 2 different browser windows.

you need to either use sessions via url or open another browser window.

the new unique ID you created just overwrites the old one in the cookie. if you reload the original window after opening a second one, you'll see it change to the new id.

keith

DungeonMaster

Hum, thanks for the explanation.

Well, I will try to use sessions via GET, but I was wondering. The setcookie function receives as the first parameter the cookie name, with by default is the session name. In PHP.ini the default session name is PHPSESSID. So everytime a window is opened, it uses the coookie labeled PHPSESSID.

If I change the name of the session every time my frameset loads, will it not solve my problem???

<?
$sessname = "session".rand();
session_name($sessname);

session_start();

if (session_is_registered("usuario")){
  session_unset();
  session_destroy();
  setcookie(session_name(),"",0,"/");
}

//PRINTS FRAMESET

?>

when I open a new window with ctrl + n, the new window will get a new session name. Will it not have diferent sessions now?

I think I will try this tomorrow at work.

keith73

I had a typo in my earlier reply when I said,

you need to either use sessions via url or open another browser window.

what I meant was you'd need to test it in another BROWSER. So if you're using IE, open up Mozilla/Opera/Netscape/etc. and use that for another session.

you couldn't just change the name of the cookie because your script needs to know which cookie to associate with which window.

A better question here is why would you want to have 2 windows open and be logged in to 2 different sessions?

The only way to have multiple sessions open is to use the URL method of passing the session_id which means that before you call session_start(), call this:

ini_set('session.use_cookies',FALSE);

PHP will then automatically append the session ID to all links on the page.

When you open a new window, you will have the same SID until you start a new session in that window.

keith