|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Request #24885 session_destroy() should optionally take session id as parameter
Submitted: 2003-07-31 09:40 UTC Modified: 2011-01-01 20:56 UTC
Avg. Score:5.0 ± 0.0
Reproduced:2 of 2 (100.0%)
Same Version:0 (0.0%)
Same OS:0 (0.0%)
From: dan at danposluns dot com Assigned: jani (profile)
Status: Closed Package: Session related
PHP Version: 4.3.2 OS: Mac OS X (Unix)
Private report: No CVE-ID: None
 [2003-07-31 09:40 UTC] dan at danposluns dot com
It would be very useful to have session_destroy() 
optionally take a session id as a parameter.

This would be useful for people who want to help 
prevent hijacked sessions by using 
session_regenerate_id(). A subsequent call to 
session_destroy([previous session id]) would keep 
hijackers from using the old session file, and is much 
simpler than trying to unlink the file manually.


Pull Requests


AllCommentsChangesGit/SVN commitsRelated reports
 [2005-04-10 04:54 UTC] mjs15451 at hotmail dot com
I came up with a solution here since the php developers don't see a need for this:
 [2011-01-01 20:56 UTC]
-Status: Open +Status: Closed -Package: Feature/Change Request +Package: *General Issues -Assigned To: +Assigned To: jani
 [2011-01-01 20:56 UTC]
There's that option in session_regenerate_id() now since PHP 5.1.
 [2011-01-01 20:56 UTC]
-Package: *General Issues +Package: Session related
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Thu Sep 19 07:01:27 2024 UTC