Session is not destroyed even after closing browser

Question

I'm building a site (e-commerce) which stores session_id in DB
(Generated by $session = session_id(); ). I need to destroy it once checkout completes. I've added

session_unset();
session_destroy();

at the end, but a simple print shows that session_id() is not being destroyed and is the same even after checkout. How can I completely destroy that. As you probably know, Firefox destroys all session on close while Chrome does not. I'm trying to destroy the session_id() generated. Any ideas ?

Possible duplicate of [Destroy PHP Session on closing](http://stackoverflow.com/questions/4146647/destroy-php-session-on-closing) — B001ᛦ, Dec 14 '15 at 11:21
Have you tried to prevent storing cookies by calling session_set_cookie_params(0); before session start? — Akhil Balakrishnan, Dec 14 '15 at 11:36

score 0 · Answer 1 · answered Dec 14 '15 at 18:13

0

So after thinking and surfing the internet, Many people said that it is a bad idea (not sure why) to store id generated from session_id() So, instead I used uniqid()
I do something like this to generate the id on the first page and then start the session on every page and get its value via $_SESSION

session_start();
if (!isset($_SESSION['session_id']))
{
    $session = uniqid();
    $_SESSION['session_id'] = $session;
}
else
{
    $session = $_SESSION['session_id'];
}

Turns out, this solved my problem. I can easily session_unset(); / session_destroy(); the session at the final checkout step (where cart is dumped)

answered Dec 14 '15 at 18:13

candh

238
2
13

Session is usually stored in a cookie and your server just reuses the same session ID the client previously had. – sashok_bg Dec 14 '15 at 18:17
@sashok_bg which is really cool.. If the user adds items to cart and then re-opens the website and it's still there. But, only if they're using Chrome :P – candh Dec 14 '15 at 18:21

Session is not destroyed even after closing browser

1 Answers1