www.webdeveloper.com
Results 1 to 4 of 4

Thread: regenerate session id

  1. #1
    Join Date
    Jan 2005
    Posts
    592

    regenerate session id

    Hi

    I want to add another level of security when using php sessions. So i will simply change the session id everytime the page loads.

    The code i use is:

    PHP Code:
        $tmpSession=$_SESSION;
            
    session_destroy();
            
    session_id(md5(microtime()));
            
    session_start();
            
    $_SESSION $tmpSession
    Now the problem that i have is that for some reason php adds the session id into the url which I dont want. can anyone help how to do the same thing without having the session id in the url??

  2. #2
    Join Date
    Jul 2006
    Location
    Nebraska
    Posts
    380
    There is a function for this, session_regenerate_id()
    It will set a new cookie if enabled, thus no sessid in the URL

  3. #3
    Join Date
    Jan 2005
    Posts
    592
    Yeah i have seen that function but unfortunatly my webhost is running php 4.3.0 and that function came into php at 4.3.2. So i need to think about something else.

    any idea?

  4. #4
    Join Date
    Jan 2005
    Location
    Alicante (Spain)
    Posts
    7,742
    You are not clearing the session cookie. Look at the examples in the manual on the session_destroy page.

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
HTML5 Development Center



Recent Articles