[php] session_start() <-- not logical, burdensome
As most of guys would know,
as long as session-cookie on the client is alive,
regardless of deleteing a session file on the server side,
session_start() function always regenerate the same session id
which previously was used.
so ppl solve this problem, by
=> setcookie(session_name(),"","")
something like this...
but, the solution is very dependent of the client side.
what if the cookie isn't really dead, as opposite to ur guess.
then if u do session_start() again, the same session id would
be revived.
my point is when u initiate session by using session_start(),
u should make sure that the session id must be created by server
side, and not regenerated by client.
so i am asking, what do u guys think of the following??
(soluion A).
session_set_cookie_params(1,'/');
session_start();
session_destory(); <-- a record is deleted from session db clearly
session_set_cookie_params(0,'/');
session_start();
(solution B)
Generate random session name,
instead of using only PHPSESSID.
Last edited by firetankiee1; 05-08-2006 at 03:40 AM.
|