--- Torsten <[EMAIL PROTECTED]> wrote:
> when I destroy my session and reload my index.php. I get the same
> session_id() that was just destroyed before. I've checked it after
> session_destroy() with echo session(); The function returned no value
> anymore. But as I said, when starting a new session the old session_id
> is reappearing. Only when I set off the cookie option in my browser
> session_start() gives a new session_id.

If you want a new session identifier, use this function:

http://www.php.net/session_regenerate_id

> I get really confused with it, because I thought that the session_id is
> generated by php (a remote machine in my case) and has nothing to do
> with the browser, except I would actively set cookies. How can I code it
> that way, that non-independent from the cookie settings in the browser
> I always can be sure to have a really new session_id?

This behavior makes perfect sense if you understand how sessions work.
There is some good documentation at php.net, and I have a free article on
my Web site (dealing with session security) that begins with some brief
introductory material on sessions:

http://shiflett.org/articles/the-truth-about-sessions

Hope that helps.

Chris

=====
Chris Shiflett - http://shiflett.org/

PHP Security - O'Reilly
     Coming mid-2004
HTTP Developer's Handbook - Sams
     http://httphandbook.org/
PHP Community Site
     http://phpcommunity.org/

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
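The behavior discussed in this thread, as an added example that is not part of the original messages: `session_destroy()` removes only the server-side data, so the browser keeps presenting the old cookie and PHP reuses that identifier on the next `session_start()`. The helper names `start_strict_session`, `rotate_session_id` and `end_session` are hypothetical; the array form of `setcookie()` assumes PHP 7.3 or later.

```php
<?php
// Added example; helper names are hypothetical, session_* calls are PHP's own.

// Start a session that refuses identifiers the server never issued.
// With strict mode on, an id from a stale cookie whose session no longer
// exists is replaced by a freshly generated one.
function start_strict_session(): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        ini_set('session.use_strict_mode', '1');
        session_start();
    }
}

// Call after login or any change in privilege level. Passing true deletes
// the old session's data, so the previous identifier becomes useless.
function rotate_session_id(): void
{
    start_strict_session();
    session_regenerate_id(true);
}

// Logout: clear the data, expire the cookie in the browser, then destroy
// the server-side record. Without the cookie step the browser sends the
// same identifier again on the next request.
function end_session(): void
{
    start_strict_session();
    $_SESSION = [];
    if (ini_get('session.use_cookies')) {
        $p = session_get_cookie_params();
        setcookie(session_name(), '', [
            'expires'  => time() - 42000,
            'path'     => $p['path'],
            'domain'   => $p['domain'],
            'secure'   => $p['secure'],
            'httponly' => $p['httponly'],
        ]);
    }
    session_destroy();
}
```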
