I am trying to create two separate sessions: one for if the user is admin and another if the user is author. $type stores the type as an enum (can be either author or admin). But I am not getting unique session IDs for my sessions. I am new to PHP and MySQL. Can somebody tell me where the error is in my code? Please help.

    <?php
    // Start the session before any output so the header() redirects below still work.
    session_start();

    include("dbconnect.php");
    $con = new dbconnect();
    $con->connect();

    // Create and issue the query.
    // Note: the $_POST values are concatenated into the SQL string unsanitized.
    $sql = "SELECT type FROM users WHERE username = '".$_POST["username"]."' AND password = PASSWORD('".$_POST["password"]."')";

    $result = mysql_query($sql);

    // Get the number of rows in the result set; should be 1 if a match.
    if (mysql_num_rows($result) == 1) {
        $type_num = 0;
        // If authorized, get the values.
        while ($info = mysql_fetch_array($result)) {
            $type = $info['type'];
        }

        if ($type == "admin") {
            $_SESSION['type'] = 1;
            $u = 'welcome.php';
            header('Location: '.$u);
            exit;
        } else {
            $_SESSION['type'] = $type_num;
            $u = 'welcome.php';
            header('Location: '.$u);
            exit;
        }
    } else {
        // Redirect back to loginfailed.html form if not in the table.
        header("Location: loginfailed.html");
        exit;
    }
    ?>

welcome.php is as follows:

    <?php
      session_start();
    ?>

    <html>
    <body>
    <h2>Welcome to SOD73.</h2>
    <?php
    // $_SESSION['type'] is 1 for admin, 0 for author (set by the login script).
    if ($_SESSION['type'] == 1) {
        echo "You are of the usertype Admin and your session id is ";
        echo session_id();
        session_destroy();
    } else {
        echo "You are of the usertype Author and your session id is ";
        echo session_id();
        session_destroy();
    }
    ?>

    </body>
    </html>

Marcio Mazzucato
user1479431
  • You should probably use two different browsers (or, for example, Chrome in incognito mode and regular mode) to test sessions. Otherwise you'll be getting the same session. – DPlusV Jul 02 '12 at 06:41
  • one session one session id, why do you want two? – xdazz Jul 02 '12 at 06:42
  • I am getting the same session id in the same browser. When I tried a different browser, it's different. Is that right? – user1479431 Jul 02 '12 at 06:43
  • @user1479431 that's expected, yes. – Ja͢ck Jul 02 '12 at 06:44
  • FYI (off topic) make sure `'".$_POST["username"]."'` etc. is sanitized to avoid SQL injections (read http://stackoverflow.com/questions/129677/whats-the-best-method-for-sanitizing-user-input-with-php) – ericosg Jul 02 '12 at 06:46

1 Answer

You have to use session_regenerate_id() before calling session_destroy() in the file welcome.php.

Marcio Mazzucato
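
An added example, not part of the original question or answer: a login handler that binds the username as a query parameter (the injection concern raised in the comments) and calls session_regenerate_id() at the point where the user type is stored in the session. It assumes PDO with an in-memory SQLite table in place of the MySQL users table and password_hash()/password_verify() in place of PASSWORD(); the function names and sample accounts are constructed for illustration.

```php
<?php
// Added example, not the asker's code. Assumptions: in-memory SQLite stands in for
// the MySQL `users` table; password_hash()/password_verify() replace PASSWORD().

function make_demo_db(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE users (username TEXT PRIMARY KEY, password_hash TEXT, type TEXT)');
    $ins = $pdo->prepare('INSERT INTO users VALUES (?, ?, ?)');
    // Constructed sample accounts.
    $ins->execute(['alice', password_hash('alice-demo-pw', PASSWORD_DEFAULT), 'admin']);
    $ins->execute(['bob', password_hash('bob-demo-pw', PASSWORD_DEFAULT), 'author']);
    return $pdo;
}

// Returns the user's type ('admin' or 'author'), or null if the login fails.
function authenticate(PDO $pdo, string $username, string $password): ?string
{
    // The placeholder keeps user input out of the SQL text.
    $stmt = $pdo->prepare('SELECT password_hash, type FROM users WHERE username = ?');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($password, $row['password_hash'])) {
        return null;
    }
    return $row['type'];
}

// Issues a fresh session id on successful login and stores the role in the session.
function login(PDO $pdo, string $username, string $password): bool
{
    $type = authenticate($pdo, $username, $password);
    if ($type === null) {
        return false;
    }
    session_regenerate_id(true);                      // new id; true deletes the old session data
    $_SESSION['type'] = ($type === 'admin') ? 1 : 0;  // same 1/0 encoding as the question
    return true;
}

session_start();                                      // must run before any output
$pdo = make_demo_db();
$before = session_id();
$ok = login($pdo, 'alice', 'alice-demo-pw');
$changed = ($before !== session_id());
$quoted = login($pdo, "o'brien' --", 'anything');     // quote characters are bound as data
printf("login ok: %s, id changed: %s, type: %d\n", var_export($ok, true), var_export($changed, true), $_SESSION['type']);
printf("username containing quotes accepted: %s\n", var_export($quoted, true));
```

Run it from the PHP CLI with the pdo_sqlite extension enabled.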