session_start doesn't allocate a new id?

Collapse
This topic is closed.
X
X
Collapse
 
  • Page of 1
  • Time
  • Show
Clear All
new posts
Previous template Next
  • Margaret MacDonald
    #1

    session_start doesn't allocate a new id?

    I'm having a funny problem. More than likely it's something simple
    that I'm just not seeing, but ...I'm not seeing it!

    I'm storing session data in a table, following the model in Lerdorf &
    Tatroe. Everything seems to work fine until I (as 'the user') log
    out.

    The logout process purges the record from the sessions table and
    deletes the session-id cookie. This works fine. I check afterward
    and they are gone.

    But the next time I come back in, though, I have a problem.
    session_start() apparently doesn't allocate a new session id. The
    new session record has a blank in the id field, and the session cookie
    is allocated but id-less.

    So either I don't really understand how session_start works, or I'm
    inadvertently getting it confused, or....

    Any ideas?

    thanks,
    Margaret
    --
    (To mail me, please change .not.invalid to .net, first.
    Apologies for the inconvenience.)
    Tags: None
    • Janwillem Borleffs
      #2
      Re: session_start doesn't allocate a new id?

      Margaret MacDonald wrote:[color=blue]
      > But the next time I come back in, though, I have a problem.
      > session_start() apparently doesn't allocate a new session id. The
      > new session record has a blank in the id field, and the session cookie
      > is allocated but id-less.
      >[/color]

      You are probably looking for session_regener ate_id(), which is available
      from PHP v4.3.2 an up.

      When you are working with a lower version of PHP, you could do something
      like the following:

      <?
      session_start() ;
      $id = session_id();
      setcookie(sessi on_name(), $id, time()-100, "/");
      print $id;
      ?>

      (See your php.ini file for the appropriate values for the session cookie
      parameters or use either init_get() or session_get_coo kie_params() to
      retrieve them)


      JW



        Comment

        • Margaret MacDonald
          #3
          Re: session_start doesn't allocate a new id?

          Janwillem Borleffs wrote:
          [color=blue]
          >Margaret MacDonald wrote:[color=green]
          >> But the next time I come back in, though, I have a problem.
          >> session_start() apparently doesn't allocate a new session id. The
          >> new session record has a blank in the id field, and the session cookie
          >> is allocated but id-less.
          >>[/color]
          >
          >You are probably looking for session_regener ate_id(), which is available
          >from PHP v4.3.2 an up.
          >
          >When you are working with a lower version of PHP, you could do something
          >like the following:
          >
          ><?
          > session_start() ;
          > $id = session_id();
          > setcookie(sessi on_name(), $id, time()-100, "/");
          > print $id;
          >?>
          >
          >(See your php.ini file for the appropriate values for the session cookie
          >parameters or use either init_get() or session_get_coo kie_params() to
          >retrieve them)
          >
          >
          >JW[/color]

          Thanks for the suggestion, JW. I'd really like to know what's
          confusing it, though.

          It seems to be something to do with the browser--if I try to start a
          new session without closing the browser, I get one without an id. If
          I close the browser first, though, I get a proper session. It seems
          to me that it should give me a proper session whether or not I close
          the browser.

          Perhaps I'll have to break down and upgrade from 4.3.0 :-(

          Margaret
          --
          (To mail me, please change .not.invalid to .net, first.
          Apologies for the inconvenience.)

            Comment

            • Janwillem Borleffs
              #4
              Re: session_start doesn't allocate a new id?

              Margaret MacDonald wrote:[color=blue]
              > It seems to be something to do with the browser--if I try to start a
              > new session without closing the browser, I get one without an id. If
              > I close the browser first, though, I get a proper session. It seems
              > to me that it should give me a proper session whether or not I close
              > the browser.
              >
              > Perhaps I'll have to break down and upgrade from 4.3.0 :-(
              >[/color]

              No, you don't need to. The trick is that a session cookie with a reference
              to a session on the server is created.

              Without closing your browser, the session can be re-used whether you are
              logged in or not. This is because your code decides which conditions the
              session should meet to set the status on logged in or logged off. The
              session id just points to a location on your server to store the session
              data.


              JW



                Comment

                Previous template Next
                Working...