Hi,
Friday, November 29, 2002, 4:58:02 PM, you wrote:
GS> I was just going through the archive. Seems this comes up enough for me
GS> to think I have something wrong.
GS> A simplistic code flow of events...
GS> <?php
GS> session_start();
GS> // user successfully logs in, set a session variable
GS> $_SESSION['user_id'];
GS> // when the user logs out, destroy session and redirect to top
GS> $_SESSION = array();
GS> setcookie(session_name(), '', time() - 3600);
GS> session_destroy();
GS> header('location: back_to_top');
?>>
GS> Ok, so when the user logs in, a session id is assigned to them.
GS> When they log out and are redirected to the beginning, the session id is
GS> the same (verified by the file name in /tmp and cookie manager in mozilla).
GS> My question is, even though the session contains no data after its
GS> destroyed, should the session id remain the same, after logging out,
GS> or should another be assigned when session_start() is called after the
GS> redirect???
The browser will send the old cookie and as the name is probably the same as the
the old session it will get used again, or at least I think that is what is
happening :)
This should not be a problem as the data associated with the old session is
gone.
If you close the browser and start a fresh one you will get a new session id.
--
regards,
Tom
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
