Ending a session

timbr8ks

I am building an educational tool that is used in classrooms. I manage a lot of information using sessions. However, I want the session to go away entirely when the user logs off. The next user who logs on should have a completely different session_id.

My log-out script looks like this:

<?php 
session_start();
session_unset();
session_destroy();
session_regenerate_id();
header ("location: index.php");
?>

I tried it without session_start(), but it threw an error. So, I started adding stuff and ended up with the three lines you see.

I thought I had hit it with session_regenerate_id(), but that doesn't seem to do it. As a test, I created a page with this code:

<?php
session_start();
$old_sessionid = session_id();
session_regenerate_id();
$new_sessionid = session_id();
echo "Old Session: $old_sessionid<br />";
echo "New Session: $new_sessionid<br />";
?>

What I find, however, is that the "Old Session" is the same every time. In other words, as I refresh the page, I always get a different New Session, but the Old Session, the one that is live when I first hit the page, never changes.

Ideas?

Thanks.

kubis

use this:

session_start();
// some php code, with all that application logic...

session_destroy();
header('Location: login.php');
exit();

this should work

timbr8ks

You'll note that I have session_destroy() in my log-out code. The next person who logs in still gets the same session_id, however. The code below does not produce a new session_id each time:

<?php
session_start();
$old_sessionid = session_id();
session_destroy();
echo "Old Session: $old_sessionid";
?>

kubis

timbr8ks wrote:
The next person who logs in still gets the same session_id, however. The code below does not produce a new session_id each time

sure it does get the same session id, but the session content should be deleted; if you want to use another sesison id, try to use :

session_id(md5(microtime()));
session_start();