PHPBuilder.com, the best resource for PHP tutorials, templates, PHP manuals, content management systems, scripts, classes and more.

Linux Today
Enterprise Linux Today
Apache Today
JustLinux.com
Linux Planet
PHPBuilder
All Linux Devices
Hiermenus
DatabaseJournal
Technology Jobs

IT
Developer
Internet News
Small Business
Personal Technology
International

Search internet.com
Advertise
Corporate Info
Newsletters
Tech Jobs
E-mail Offers

Covalent Extends Apache 2.0 to Microsoft ASP.NET
ShopWorX - Support for Windows
PHP Security Advisory: Vulnerability in PHP versions 4.2.0 and 4.2.1
Network Risk Assessment
Full-Featured, Java-Based Apache GUI

Partners & Affiliates

Caching Web Page Output for Server Optimization
OO Programming in PHP
Best Practices: Database Abstraction
Sending MIME Email With PHP
In Case You Missed It...The Week of September 5, 2005

[phplib] delete session problems From: jeff alerta (jalerta <email protected>)
Date: 11/10/00

Next message: senthil: "[phplib] Re: [PHP] com support"
Previous message: Chester McLaughlin: "[phplib] PHP4 & PHPLIB"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi all,

I have a shopping cart application that uses PHPLIB 7.2b Sessions to
maintain state across pages. I have created a processPurchase page and a
logout / thankyou page that the user is redirected to after making their
purchase.

I use the page_open(array("sess" -> "Session_Name")) function on all
the application pages and I pass the SessionID in the URL of all links
on all the pages, so as to deal with browsers that have cookies
disabled.

After the user has made their purchase, the processPurchase page is
called to process it. After processing the purchase, I unregister()
variables that were used in the cart and then use the $sess->delete()
function to delete the session variables. I then redirect the user to
the logout / thankyou page.

I had to find the latest CVS of PHPLIB and copy the put_id() function
from that version, as the put_id() function in version 7.2b did not
work correctly in GET Mode.

Watching the active_sessions table, I see that the session ID and stuff
are being deleted when the $sess->delete() is called.

However, after the user is redirected to the logout / thankyou page
(the SessionID has been deleted), *IF* the user goes back to any page of
the application, the *SAME* SessionID is re-initialized and reappears in
the active_sessions table. None of the links on the logout / thankyou
page to other pages within the site pass the SessionID variable. So
where is the old SessionID coming from?

I assumed that if $sess->delete() is used, the current SessionID is
deleted (I can see it is removed from the active_sessions table) and is
no longer available on other pages. I purposely do NOT use the
page_close() function after the call to $sess->delete() to avoid
re-saving any session variables.

So, when a user goes to another page in the site, since the old
SessionID no longer exists, they should be assigned a NEW SessionID,
right? Well why does this not happen in my case?

Anyone have any suggestions or possible solutions?

Any and all help will be greatly appreciated.

TIA.

jeff alert
nestworks.com

---------------------------------------------------------------------
To unsubscribe, e-mail: phplib-unsubscribe <email protected>
For additional commands, e-mail: phplib-help <email protected>

Next message: senthil: "[phplib] Re: [PHP] com support"
Previous message: Chester McLaughlin: "[phplib] PHP4 & PHPLIB"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]