[thelist] [PHP] $_SESSION madness

Paul Bennett paul at web-business-pack.com
Thu Oct 21 21:43:31 CDT 2004

Hi kids,

I have an application which is driving me nuts with session persistence.

I am using the following code in 'logout.php':
// set session to empty array
    {$_SESSION = array();}
if (isset($_COOKIE[session_name()]))
    {setcookie(session_name(), '', time()-42000, '/');}

(PHP 4.3.8)
This works fine on my local server (localhost), meaning that the user 
logs out and there is no evidence of their session variables upon the 
next login.

Loaded up to our test server (pre-production) the script seems to fail 
to work. A user will 'log out' and then when they go back to the 
'register' form, the values are prepoluated with the last users session 
vars (we are using the same scripts to process new users and users who 
want to alter their accounts.

My understanding is that setting the session array to an empty array in 
fact replaces the existing array values with nothing, hence 'emptying' 
the session, so could the session persistence be caused by the session 
cookie. I'm not too up with the play on session cookies, but my 
understanding is that the setcookie code above will set the session 
cookie for the domain to a time in the past, this 'unsetting' the cookie

any ideas?

More information about the thelist mailing list