How to kill sessions?

[Apollo6]

I thought I had a good grasp of sessions until...

I have several scripts where I initialize a session and pass user_id, password along to different pages. My problem is that if the user never closes out the browser and a different user logs into the site, it pulls up the previous user's information.

I've looked at session_destroy(), session_unset(), and $_session = array(); but no luck.

Is this something in the php.ini file or apache.conf file?

I am using PHP4.3.1 and Apache 1.3.27.

Any suggestions would be great.

 

[smashing]

You should use: session_start();
just before you use
session_destroy();

Although the name of the function may not sound like it, it is PHP's way of first refering to and reconizing the session you are talking about - then it can be destroyed.

 

[WoodyRoundUp]

it depends on you call your code.

You can post your code here, so we can help to see.

 

[Itshim]

You may want to delete the cookie on the user's machine also. I use this function whenever I destroy a session, without any problems.

<?php
function logout() 
{
    // Unset all of the session variables.
    $_SESSION = array();
    	
    //Delete session cookie
    if (isset($_COOKIE[session_name()])) {
        setcookie(session_name(), '', time()-42000, '/');
    }
    	
    //Destroy the session.
    session_destroy();
}
?>

HTH,
Itshim

 

[Apollo6]

Thanks to all for the input. Actually what I ended up needing to do was to change the PHP.ini file to 'nocache'.

Thanks again.