发表新帖
发表新帖

why is php generating the same session ids everytime in test environment (WAMP)?

后端 未结
关注
7 1347
礼貌的吻别
礼貌的吻别 2020-12-10 20:53

i\'ve configured wamp in my system, and am doing the development cum testing in this local environment. i was working on the logout functionality, and happened to notice tha

相关标签:
7条回答
  • 别那么骄傲
    2020-12-10 21:28

    To stop session hijacking follow the below code in PHP

        session_start();

    /* to stop session hijacking */

    // Generate new session without destroying the old one
    session_regenerate_id(false);

    // Fetch current session ID and close both sessions to allow other scripts to use them
    $newSession = session_id();
    session_write_close();

    // Assign session ID to the new one, and start it back up again
    session_id($newSession);

    session_start();
    0 讨论(0)
  • 日久生厌
    2020-12-10 21:34

    Will work. Please try this

    session_start(); 
session_regenerate_id(TRUE); 
session_destroy();
    0 讨论(0)
  • -上瘾入骨i
    2020-12-10 21:35

    You must regenerate the session id using function session_regenerate_id(). Without that, the session ID would be the same between page refreshes.

    0 讨论(0)
  • 一个人的身影
    2020-12-10 21:44

    session_unset() and session_destroy() do not delete the session cookie. You have to manually unset it with a setcookie() call.

    session_unset is the converse of session_register(), and session_destroy simply cleans out $_SESSION without affecting the cookie.

    0 讨论(0)
  • 名媛妹妹
    2020-12-10 21:45

    from the manual (session_destroy):

    session_destroy() destroys all of the data associated with the current session. It does not unset any of the global variables associated with the session, or unset the session cookie. To use the session variables again, session_start() has to be called.

    In order to kill the session altogether, like to log the user out, the session id must also be unset. If a cookie is used to propagate the session id (default behavior), then the session cookie must be deleted. setcookie() may be used for that.

    Unless you specifically unset the cookie, then the cookie will still exist and the next time session_start() is called, it will use that as the session id. Closing the browser also should clear the cookie because they are generally set by php to expire on browser close.

    0 讨论(0)
  • 攒了一身酷
    2020-12-10 21:50

    session_destroy() destroys all of the data associated with the current session. It does not unset any of the global variables associated with the session, or unset the session cookie. To use the session variables again, session_start() has to be called.

    In order to kill the session altogether, like to log the user out, the session id must also be unset. If a cookie is used to propagate the session id (default behavior), then the session cookie must be deleted. setcookie() may be used for that.

    Taken from http://php.net/manual/en/function.session-destroy.php

    0 讨论(0)
 看不清?
提交回复
热议问题