Session not being destroyed

reisve

Hi
I have a login form and a login script. It was supposed to destroy an existing session ID for that session and create a new one each time the user enters the login script, like if a diferent user gos to the login form and loggin without closing the browser.

However when the user enters the login script the session does not get recriated.

this is the script (part of...):

<?
session_start();
session_destroy();
session_regenerate_id();

include "lib/include.php";

if ($_POST['nick'] != "" and $_POST['passwd'] != "") {

$sessionid = session_id();
$lognick = $_POST['nick'];
$logtime = date("YmdHi");

$sql ="SELECT sessionId FROM onlineusers WHERE sessionId = '$sessionid'";
$result = mysql_query($sql) or error(mysql_error());
if (mysql_num_rows($result) != 0) error("Already Login");

Can anyone help?

Thank You

alimadzi

You don't need session_destroy() here. The id will regenerate properly without it. Move it to the end of your script and you should be fine.