Home > Archive > PHP Programming > June 2004 > session_start doesn't allocate a new id?
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
session_start doesn't allocate a new id?
|
|
| Margaret MacDonald 2004-06-27, 3:55 pm |
| I'm having a funny problem. More than likely it's something simple
that I'm just not seeing, but ...I'm not seeing it!
I'm storing session data in a table, following the model in Lerdorf &
Tatroe. Everything seems to work fine until I (as 'the user') log
out.
The logout process purges the record from the sessions table and
deletes the session-id cookie. This works fine. I check afterward
and they are gone.
But the next time I come back in, though, I have a problem.
session_start() apparently doesn't allocate a new session id. The
new session record has a blank in the id field, and the session cookie
is allocated but id-less.
So either I don't really understand how session_start works, or I'm
inadvertently getting it  , or....
Any ideas?
thanks,
Margaret
--
(To mail me, please change .not.invalid to .net, first.
Apologies for the inconvenience.)
| |
| Janwillem Borleffs 2004-06-27, 8:55 pm |
| Margaret MacDonald wrote:
> But the next time I come back in, though, I have a problem.
> session_start() apparently doesn't allocate a new session id. The
> new session record has a blank in the id field, and the session cookie
> is allocated but id-less.
>
You are probably looking for session_regenerate_id(), which is available
from PHP v4.3.2 an up.
When you are working with a lower version of PHP, you could do something
like the following:
<?
session_start();
$id = session_id();
setcookie(session_name(), $id, time()-100, "/");
print $id;
?>
(See your php.ini file for the appropriate values for the session cookie
parameters or use either init_get() or session_get_cookie_params() to
retrieve them)
JW
| |
| Margaret MacDonald 2004-06-29, 3:57 pm |
| Janwillem Borleffs wrote:
>Margaret MacDonald wrote:
>
>You are probably looking for session_regenerate_id(), which is available
>from PHP v4.3.2 an up.
>
>When you are working with a lower version of PHP, you could do something
>like the following:
>
><?
> session_start();
> $id = session_id();
> setcookie(session_name(), $id, time()-100, "/");
> print $id;
>?>
>
>(See your php.ini file for the appropriate values for the session cookie
>parameters or use either init_get() or session_get_cookie_params() to
>retrieve them)
>
>
>JW
Thanks for the suggestion, JW. I'd really like to know what's
confusing it, though.
It seems to be something to do with the browser--if I try to start a
new session without closing the browser, I get one without an id. If
I close the browser first, though, I get a proper session. It seems
to me that it should give me a proper session whether or not I close
the browser.
Perhaps I'll have to break down and upgrade from 4.3.0 :-(
Margaret
--
(To mail me, please change .not.invalid to .net, first.
Apologies for the inconvenience.)
| |
| Janwillem Borleffs 2004-06-29, 8:56 pm |
| Margaret MacDonald wrote:
> It seems to be something to do with the browser--if I try to start a
> new session without closing the browser, I get one without an id. If
> I close the browser first, though, I get a proper session. It seems
> to me that it should give me a proper session whether or not I close
> the browser.
>
> Perhaps I'll have to break down and upgrade from 4.3.0 :-(
>
No, you don't need to. The trick is that a session cookie with a reference
to a session on the server is created.
Without closing your browser, the session can be re-used whether you are
logged in or not. This is because your code decides which conditions the
session should meet to set the status on logged in or logged off. The
session id just points to a location on your server to store the session
data.
JW
|
|
|
|
|