session_regenerate_id(true) not work

Question

Possible Duplicate:
Close session and start a new one

I use wampserver2.1 php5.3.3, I found session_regenerate_id(true) not work in my script,document says when I set the parameter 'delete_old_sessions' true, there should be a new sid and all the session variables should be deleted, but the fact is after the function, $_session[abc] is still there. did I misunderstand the function,what is my problem? I appreciate if anyone can help me,

<?php
session_start();
$_SESSION['abc']=12323;
session_regenerate_id(true);
echo $_SESSION['abc'];                  
?>

I thought it should display none, but it outputs:12323

Mihai Iorga · Accepted Answer · 2012-10-09T12:14:46.597

5

session_regenerate_id() updates the current session id with a newly generated one. It does not change session variables.

echo session_id();
session_regenerate_id();
echo session_id();

You should unset session to do that:

unset($_SESSION); // or
$_SESSION = array();

How to start a new session:

session_start();
session_destroy();
session_regenerate_id();
unset($_SESSION);
session_start();

edited Oct 09 '12 at 12:14

answered Oct 09 '12 at 09:35

Mihai Iorga

39,330
16
106
107

thank you, but what is the delete_old_session parameter. for? – user995789 Oct 09 '12 at 09:38
that deletes the old session file, but it creates a new one and carries the old session vars. – Mihai Iorga Oct 09 '12 at 09:40
session_unset() or unset($_session) which is better? – user995789 Oct 09 '12 at 10:15
`session_destroy();` and `unset($_SESSION);` together – Mihai Iorga Oct 09 '12 at 10:16
1

Hi, Mihai, thank you, after tests, I found session_destroy must be invoked before session_regenerate_id, or session_regenerate_id() will not work. – user995789 Oct 09 '12 at 12:14

score 1 · Answer 2 · answered Oct 09 '12 at 09:36

session_regenerate_id sends a new cookie but doesn't overwrite the value stored in $_COOKIE. After calling session_destroy, the open session ID is discarded, so simply restarting the session with session_start will re-open the original, though now empty, session for the current request (subsequent requests will use the new session ID). Instead of session_destroy+session_start, use the $delete_old_session parameter to session_regenerate_id to delete the previous session data.

<?php
session_start();
/* Create a new session, deleting the previous session data. */
session_regenerate_id(TRUE);
/* erase data carried over from previous session */
$_SESSION=array();
?>

To start a new session and leave the old untouched, simply leave out the argument to session_regenerate_id.

Source: http://de.php.net/manual/en/function.session-regenerate-id.php#107323

score 0 · Answer 3 · answered Oct 09 '12 at 09:36

0

If you want to destroy the session-variables you can perform this: session_destroy(); and if you want to get new ID you can session_regenerate_id();

answered Oct 09 '12 at 09:36

Rob

3,556
2
34
53

session_regenerate_id(true) not work

3 Answers3

Linked