-1

What is the difference between

session_destroy();
session_start();

and

session_regenerate_id();

They look like the same in cookie behaviour but idk if any difference in server-side.

I'm using the upper solution after successful login as I saw lower one has a warning on the manual.

Currently, session_regenerate_id does not handle an unstable network well, e.g. Mobile and WiFi network. Therefore, you may experience a lost session by calling session_regenerate_id.

I want to know if there's any bad in my solution vs the manual solution.

Henryc17
  • 851
  • 4
  • 16
  • hi, request you to check this link -> [When and why I should use session_regenerate_id()?](https://stackoverflow.com/questions/22965067/when-and-why-i-should-use-session-regenerate-id) – Anant V May 07 '23 at 09:31
  • @AnantV, thank you, but this does not answer my question, I'm asking, **what is the difference between the mentioned two solutions**. – Henryc17 May 07 '23 at 10:10

1 Answers1

0

The manual is pretty clear

session_regenerate_id will keep the data and produce a new id. Whereas session_destroy will destroy all session data. The usage, therefore, depends on what you are trying to achieve.

session_regenerate_id() will replace the current session id with a new one, and keep the current session information.

When session.use_trans_sid is enabled, output must be started after session_regenerate_id() call. Otherwise, old session ID is used.

From php.net and

session_destroy() destroys all of the data associated with the current session. It does not unset any of the global variables associated with the session, or unset the session cookie. To use the session variables again, session_start() has to be called.

From php.net

Rohit Gupta
  • 4,022
  • 20
  • 31
  • 41