I have two users in mysql database, when one user is logged in, it gets a session id. But when 1st user logs out & 2nd user logs in it gets the same session id as of the 1st user. I want that even if the browser is not closed, but there are multiple login & logouts from the same browser, the session id should change for every user who logs in.
i use the following code :
session_unset();
session_destroy();
Call session_destroy() in your logout script.
You can also call it in the login script, if a new user logs in without the old user logging out.
From the documentation:
session_destroy() destroys all of the data associated with the current session. It does not unset any of the global variables associated with the session, or unset the session cookie. To use the session variables again, session_start() has to be called.
In order to kill the session altogether, like to log the user out, the session id must also be unset. If a cookie is used to propagate the session id (default behavior), then the session cookie must be deleted. setcookie() may be used for that.
Then you need to explicitly destroy the session or regenerate the id.
I'm guessing you're currently just leaving it hanging there.
session_start(); $_SESSION = array(); // Unset all of the session variables. // If it's desired to kill the session, also delete the session cookie. // Note: This will destroy the session, and not just the session data! if (ini_get("session.use_cookies")) { $params = session_get_cookie_params(); setcookie(session_name(), '', time() - 42000, $params["path"], $params["domain"], $params["secure"], $params["httponly"] ); } session_destroy(); ?> – Apr 04 '13 at 06:16