Tom Rogers wrote:
Hi,
Friday, November 29, 2002, 4:58:02 PM, you wrote:
GS> I was just going through the archive. Seems this comes up enough for me
GS> to think I have something wrong.
GS> A simplistic code flow of events...
GS> <?php
GS> session_start();
GS> // user successfully logs in, set a session variable
GS> $_SESSION['user_id'];
GS> // when the user logs out, destroy session and redirect to top
GS> $_SESSION = array();
GS> setcookie(session_name(), '', time() - 3600);
GS> session_destroy();
GS> header('location: back_to_top');
?>>
GS> Ok, so when the user logs in, a session id is assigned to them.
GS> When they log out and are redirected to the beginning, the session id is
GS> the same (verified by the file name in /tmp and cookie manager in mozilla).
GS> My question is, even though the session contains no data after its
GS> destroyed, should the session id remain the same, after logging out,
GS> or should another be assigned when session_start() is called after the
GS> redirect???
The browser will send the old cookie and as the name is probably the same as the
the old session it will get used again, or at least I think that is what is
happening :)
This should not be a problem as the data associated with the old session is
gone.
If that is the case, then the setcookie() call to destroy the clien't
cookie probably isn't neccessary.
If you close the browser and start a fresh one you will get a new session id.
--
Gerard Samuel
http://www.trini0.org:81/
http://dev.trini0.org:81/
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php