Session HELL

salewit

Programmer
Oct 31, 2002
58
US
Ok, I'm trying to create a script kind of like a shopping cart. No money or private information involved. Just collecting data and e-mailing it on.

Everything was working great. I was using a program called PhPSecurePages to handle the authentication.

I was also snagging the Session ID to help me keep track of things. Here's the problem... I can't seem to end that session ID for anything!

If the $phpsessid = "123abc" (kept short as an example), I can close the browser, come back in twenty minutes and the id is identical. I've tried:

<?php
session_unset();
session_destroy();
session_id("");
?>

Doesn't matter. The session returns. I'm not using ANY session variables, just the $phpsessid. What's going on here? All I want to do is finish with someone, clear out the ID forever, and have it create a new one at the next login. Is this possible? Is this not typically the way it's done?

Thanks
 
How are you testing for the absence of the session index cookie and its associated value? Any time you use session_start(), if a session index cookie doesn't exist, PHP will set a new one.

You could try deleting the session cookie from the browser by setting its expiration date to a time in the past. See the documentation on setcookie() for more information.



Want the best answers? Ask the best questions!

TANSTAAFL!!
 
I thought that the session cookie was in-memory which means if the browser (and all the browsers created by ctrl-n or windows.open) is closed the cookie will go away.
If the cookie is permanent, i.e. has an expiry time set for it, you might pick it up later.
I wonder if you have a corrupt cookie cache or the time to live for the cookie is forever.
I'm assuming that you don't pass the session_id around in a query string e.g. fred.php?$phpsession=efeofoer
I discovered that cookies behave differently depending on how the browser starts and how the cookie is set up.
If you ctrl-n a window you get a new thread and share the data segment in the browser. If you start another instance by running iexplore.exe (click the icon) you get a fresh browser.
All this is on Windows using Internet Explorer.
 
ingresman:
By default, session index cookies are set to last only so long as the current browser session. But that behavior is set by the PHP runtime configuration directive session.cookie_lifetime.



Want the best answers? Ask the best questions!

TANSTAAFL!!
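The two replies above (expire the session index cookie with setcookie(), and session.cookie_lifetime controlling how long that cookie lasts) combined into one login/logout routine. This is an added example, not code from any poster in this thread and not part of PhPSecurePages; the function names are hypothetical and it assumes a current PHP release (7.1 or later).

```php
<?php
// Added example: hypothetical helpers illustrating the advice in this thread.
// All three must run before any output is sent, because they set cookies.

// Start a session whose index cookie lasts only for the browser session.
// A lifetime of 0 is also the default value of session.cookie_lifetime.
function start_browser_session(): void
{
    if (session_status() === PHP_SESSION_NONE) {
        session_set_cookie_params(0);
        session_start();
    }
}

// Call after a successful login so a new login never reuses an old ID.
function begin_login(int $userId): void
{
    start_browser_session();
    session_regenerate_id(true);   // issue a new ID, delete the old session data
    $_SESSION['user_id'] = $userId;
}

// Call when finished with the visitor.
function end_login(): void
{
    start_browser_session();       // session_destroy() needs an active session
    $_SESSION = [];                // drop the data held in this request

    if (ini_get('session.use_cookies')) {
        $p = session_get_cookie_params();
        // Same name, path and domain as the original cookie, expiry in the past,
        // so the browser discards it instead of sending the old ID back.
        setcookie(session_name(), '', time() - 42000,
                  $p['path'], $p['domain'], $p['secure'], $p['httponly']);
    }
    session_destroy();             // remove the server-side session data
}
```

Calling session_unset() and session_destroy() alone, as in the original question, leaves the cookie in the browser, so the next session_start() picks up the same ID again.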
 
Well thanks for the help. I just don't know enough about this stuff (newbie). It was my understanding that the session ID ($PHPSESSID) disappears when the browser is closed, but that was definitely not the case in my instance.

I searched all my cookies and there don't seem to be any being set for this website or with the name "phpsessid" in it which is what I understand it is supposed to be set at. And I've searched my entire drive. And no it isn't being used in the URL.

I've kind of come up with a workaround that seems to be working fine. I create my own session variable using a randomly generated number. Then when I'm done, I just do a session_unset(), session_destroy() and that seems to be working fine. I'm using 8 digits for the random number, and it is expected to be a very low usage site, so I think the odds of the same number coming up are fairly low.

Thx
Sam
 
For that, I wouldn't even use sessions -- there's no point unless you're going to actually use session variables. I'd just set a regular cookie and expire it when I was done with it.

By the way, what version of PHP are you running on what platform with what web server?

As an aside, I don't know what browser you're using, but I've found Opera very handy when debugging cookie issues. That browser provides very good facilities for viewing and manipulating cookies.



Want the best answers? Ask the best questions!

TANSTAAFL!!
 
Hmmm I have Opera installed somewhere... haven't used it in a long time though.

Yes, session variables is what I meant to say I was using. Seems to be working fairly well. Is there a security difference between using the two? All I'm holding in the session variables is a random "reference number" and the login ID# for the user that is logged on. All other info is stored in a MySQL database.

My web host is running 4.3.3 on a Linux server.
 
salewit:
There's no security difference between the two if you aren't using the cookie you set to store real information. It's just that PHP's session mechanism is performing a lot of operations that you aren't using.



Want the best answers? Ask the best questions!

TANSTAAFL!!
 