I have a script that has confirmed a user's login credentials and wants to
move onward. I want to regenerate the session ID, so I have code something
like this:
$_SESSION = array(); // Wipe the in memory data
session_destroy(); // Wipe the on disk data
session_regenerate_id();
$_SESSION['username'] = $_POST['username'];
$_SESSION['authorised'] = True;
$_SESSION['active'] = True;
header( "Location: http://" . the_index_page...
The objective is to wipe everything to do with the session and start
completely afresh.
This code doesn't work as I want, because the session_destroy() doesn't
actually remove the data on the disk until the script exits. What appears
to happen is the session in memory is cleared, the new ID correctly
generated, the new session is populated, and then the new session is
destroyed! By the time the index page loads the session is empty again,
because the file on disk is empty.
Removing the session_destroy() allows things to work, but leaves traces in
the file in the temp directory. See the comment by licp at
http://au2.php.net/manual/en/functio...enerate-id.php. The post
on that page by chris appears to do what I want but he uses a
session_close() function which doesn't exist (at least not in PHP 4.3.4
which is what I'm using on SUSE Linux).
So the question is, how can I completely wipe a session and start a new one?
--
The email address used to post is a spam pit. Contact me at
http://www.derekfountain.org : <a
href="http://www.derekfountain.org/">Derek Fountain</a>