PHP :: Bug #22396 :: session id doesn't change when session

Bug #22396

session id doesn't change when session_start is called multiple times

Submitted:

2003-02-24 11:34 UTC

Modified:

2003-02-25 07:51 UTC

Votes:	1
Avg. Score:	5.0 ± 0.0
Reproduced:	1 of 1 (100.0%)
Same Version:	0 (0.0%)
Same OS:	0 (0.0%)

From:

milan_mlynarcik at hotmail dot com

Assigned:

Status:

Not a bug

Package:

Session related

PHP Version:

4.3.0

OS:

WinXP

Private report:

CVE-ID:

None

View Developer Edit

Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.

Password:

Status:
Package:
Bug Type:
Summary:
From:	milan_mlynarcik at hotmail dot com
New email:
PHP Version:		OS:

New Comment:

[2003-02-24 11:34 UTC] milan_mlynarcik at hotmail dot com

<?php
	session_start();
        $sid1 = session_id();
	session_unset();
	session_destroy();

	// ...and create new one
	session_start();
        $sid2 = session_id();
        if ($sid1 === $sid2) {
          print 'equals';
        } else {
          print 'doesn\'t equal';
        }
?>

This prints 'equals'...is it OK ? I think that session id should change between two different sessions...

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2003-02-24 12:39 UTC] alexws@php.net

Confirming.

Looks like sessions are started only once. This issue is even with session_write_close(). session_start() after any session-closing commands simply does not work. It would be better if it reloaded session (or created new, depending on was it destroyed or saved). It is a pain to redirect the page to self to get session data again.

Hope it'll be fixed. Sometimes it is needed to unlock session/then access it again.

[2003-02-25 02:31 UTC] sniper@php.net

Of course it doesn't change..it's already set in the cookie.
This is a feature actually..

[2003-02-25 07:51 UTC] milan_mlynarcik at hotmail dot com

I don't use cookies...my session.use_cookies in php.ini is set to off. My answer is if session_start() called after session_destroy() should generate new session id or same one? Look at the code again to understnd what I mean.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2025 The PHP Group All rights reserved.	Last updated: Tue Dec 16 16:00:01 2025 UTC