Re: [PHP] Logging out and session ids
Hi, Friday, November 29, 2002, 4:58:02 PM, you wrote: GS I was just going through the archive. Seems this comes up enough for me GS to think I have something wrong. GS A simplistic code flow of events... GS ?php GS session_start(); GS // user successfully logs in, set a session variable GS $_SESSION['user_id']; GS // when the user logs out, destroy session and redirect to top GS $_SESSION = array(); GS setcookie(session_name(), '', time() - 3600); GS session_destroy(); GS header('location: back_to_top'); ? GS Ok, so when the user logs in, a session id is assigned to them. GS When they log out and are redirected to the beginning, the session id is GS the same (verified by the file name in /tmp and cookie manager in mozilla). GS My question is, even though the session contains no data after its GS destroyed, should the session id remain the same, after logging out, GS or should another be assigned when session_start() is called after the GS redirect??? The browser will send the old cookie and as the name is probably the same as the the old session it will get used again, or at least I think that is what is happening :) This should not be a problem as the data associated with the old session is gone. If you close the browser and start a fresh one you will get a new session id. -- regards, Tom -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Logging out and session ids
Tom Rogers wrote: Hi, Friday, November 29, 2002, 4:58:02 PM, you wrote: GS I was just going through the archive. Seems this comes up enough for me GS to think I have something wrong. GS A simplistic code flow of events... GS ?php GS session_start(); GS // user successfully logs in, set a session variable GS $_SESSION['user_id']; GS // when the user logs out, destroy session and redirect to top GS $_SESSION = array(); GS setcookie(session_name(), '', time() - 3600); GS session_destroy(); GS header('location: back_to_top'); ? GS Ok, so when the user logs in, a session id is assigned to them. GS When they log out and are redirected to the beginning, the session id is GS the same (verified by the file name in /tmp and cookie manager in mozilla). GS My question is, even though the session contains no data after its GS destroyed, should the session id remain the same, after logging out, GS or should another be assigned when session_start() is called after the GS redirect??? The browser will send the old cookie and as the name is probably the same as the the old session it will get used again, or at least I think that is what is happening :) This should not be a problem as the data associated with the old session is gone. If that is the case, then the setcookie() call to destroy the clien't cookie probably isn't neccessary. If you close the browser and start a fresh one you will get a new session id. -- Gerard Samuel http://www.trini0.org:81/ http://dev.trini0.org:81/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re[2]: [PHP] Logging out and session ids
Hi, I have never bothered with the cookie, I only delete the server side info. -- regards, Tom -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Logging out and session ids
I was just going through the archive. Seems this comes up enough for me to think I have something wrong. A simplistic code flow of events... ?php session_start(); // user successfully logs in, set a session variable $_SESSION['user_id']; // when the user logs out, destroy session and redirect to top $_SESSION = array(); setcookie(session_name(), '', time() - 3600); session_destroy(); header('location: back_to_top'); ? Ok, so when the user logs in, a session id is assigned to them. When they log out and are redirected to the beginning, the session id is the same (verified by the file name in /tmp and cookie manager in mozilla). My question is, even though the session contains no data after its destroyed, should the session id remain the same, after logging out, or should another be assigned when session_start() is called after the redirect??? Thanks -- Gerard Samuel http://www.trini0.org:81/ http://dev.trini0.org:81/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php