Cannot destroy php session variable

[sallieann]

I am trying to destroy a session variable in php from logout.php using the following commands

session_unregister("valid_user");
session_unset();
session_destroy();

I have set the session on login.php with the following

session_start();
$valid_user = $email;
session_register("valid_user");
$temp_session = session_id();

When I logout and then login again, the same session id is applied. Could anyone give me a pointer as to why a new session id is not given.

 

[sleipnir214]

I strongly recommend that you not use session_register() and session_unregister().

Rather, I recommend that you manipulate session variables by adding, changing or removing elements from the $_SESSION superglobal array directly. This is because session_register(), in order to work, requires that the PHP runtime configuration directive register_globals be set to "on", which is a security issue.

Try the following three scripts on for size:

test_session_delete1.php:

<?php
session_start();

$_SESSION['foo'] = 'bar';
$_SESSION['bar'] = 'baz';

print '<html><body><a href="test_session_delete2.php">next</a></body></html>';
?>

test_session_delete2.php:

<?php
session_start();

print '<html><body>Before deletion:<pre>';

print_r ($_SESSION);

print '</pre><a href="test_session_delete3.php">next</a></body></html>';

unset ($_SESSION['foo']);
?>

test_session_delete3.php:

<?php
session_start();

print '<html><body>After deletion:<pre>';

print_r ($_SESSION);

print '</pre></body></html>';
?>

Which sets and deletes the session variables nicely.




Want the best answers? Ask the best questions!

TANSTAAFL!!