PHP: Keep getting old Session ID after closing browser

Question

I have set up a PHP5 script which uses sessions. Starting the session goes wel, and it also creates a cookie (as expected).

However after closing the browser (Firefox 19.0.2 on Mac OSX Mountain Lion) and opening the browser the session ID stays the same. Even after a couple of days. This however while the session.cookie_lifetime is set to 0

In PHP I use this to start the session:

//set cookie params: lifetime, path, domain, https, http-only
session_set_cookie_params(0, "/", null, false, true);

session_name('MySession');

//start session
session_start();

Here is my PHP.ini

session.use_cookies = 1
session.use_only_cookies = 1
session.cookie_httponly = 1
session.cookie_lifetime = 0
session.cookie_path = /
session.gc_probability = 1
session.gc_divisor = 1000
session.gc_maxlifetime = 1440
session.hash_function = 1
session.hash_bits_per_character = 6
session.save_path = /var/lib/php5
session.name = PHPSESSID

The session files do net get removed in the /var/lib/php5 After a session_destroy() the files will be removed.

However, after using the script again (starting a session) I will get the old session ID. Last friday I logged out from my computer and now I am back I still get this old session ID. I would really like to have a new session ID after closing the browser (command Q)

I just read about a naggy 'feature' of firefox which stores the cookie for you as if you never closed the browser.

Firefox session cookies

I think this might just be the reason why. As I don't want this I need to find a work-around.

Can you advise me about this?

Answer 1

You have to set the cookie life time in the function other wise it will remains there. You have to provide some expire time there. Here are some examples contributed http://php.net/manual/en/function.session-set-cookie-params.php