
Why am I getting only the last session's output when printing? I need to save a session for each user id and send a password reset email. When the user clicks the link and changes the password, I need to clear the session from the server.

This is how I am doing it with PHP.

$res = array();
$uniqueId = uniqid();
echo $uniqueId . "<br>";

session_id($uniqueId);
session_start();
echo session_id() . "<br>";

$_SESSION['session_id'] = session_id();
$_SESSION['event_id'] = 'event1';
$_SESSION['user_id'] = 'user1';
$res[] = json_encode($_SESSION);

$uniqueId2 = uniqid();
echo $uniqueId2 . "<br>";
session_destroy();
session_id($uniqueId2);
session_start();
echo session_id() . "<br>";

$_SESSION['session_id'] = session_id();
$_SESSION['event_id'] = 'event2';
$_SESSION['user_id'] = 'user2';
$res[] = json_encode($_SESSION);

echo "<br>";
print_r($res);

Output of the print_r:

Array ( 
    [0] => {"session_id":"5609187f586da","event_id":"event1","user_id":"user1"} 
    [1] => {"session_id":"5609187f588e1","event_id":"event2","user_id":"user2"} 
)

Now in a new page, when I am trying to echo the event id of both sessions like this, I only get the last session's event_id but not both. For the first it says

Notice: Undefined index: event_id in C:\xampp\htdocs\test\test.php on line 12

This is what I am doing in the new page.

$id1 = '560915a8c0875';
$id2 = '560915a8c0d51';
session_id($id1);
session_start();
echo $_SESSION['event_id'];

echo "<br>";

session_id($id2);
echo $_SESSION['event_id'];

Is this not possible with PHP or what?

  • What are you doing in a new page? Please share that also. Commented Sep 28, 2015 at 10:46
  • What are you actually trying to achieve here? If this is about securing your password reset endpoint – that should be done by generating a random token, that gets stored into the database. Using the session for this is not a good approach (and especially not the way you are trying to do it right now.) Commented Sep 28, 2015 at 10:50
  • 1
    A session might have expired by the time the user checks their email, and a cookie might be pointless too, if they are checking their email from another device. The usual way to do this is a random token, that gets stored into the database. If you don’t want to do this because you are not using a database, you can also use a combination of some clear-text-parameters (like the email address of the user, the time when they requested the password reset, etc.), and a hash value of those parameters and a secret. That way, you can check if the parameters are genuine, by calculating the hash again. Commented Sep 28, 2015 at 11:11
  • 1
    You’d have to change the settings for when PHP clears up the old session data. But again, why do you insist on doing this using sessions? They are not the right tool for this job. Commented Sep 28, 2015 at 11:35
  • 1
    Well what makes you think it was the right tool for the job …? Whenever you think you have to handle multiple sessions within one PHP script instance, that is an indication that you might be doing something that doesn’t make the most sense. Commented Sep 28, 2015 at 11:42
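The second approach suggested in the comments above (clear-text parameters plus a hash of those parameters and a secret) can be sketched as follows. This is an added example, not code from the original thread. The names `RESET_SECRET`, `RESET_TTL`, `resetMac`, `makeResetQuery` and `verifyResetQuery` are hypothetical, and binding the MAC to the user's current password hash is an added assumption so that a link stops verifying once the password has been changed.

```php
<?php
declare(strict_types=1);

// Assumption: the secret comes from server-side configuration, never from the request.
const RESET_SECRET = 'placeholder-load-32-random-bytes-from-config';
const RESET_TTL = 3600; // link lifetime in seconds (assumed policy)

function resetMac(string $email, int $issuedAt, string $currentPwHash): string
{
    // Length-prefix the email so different field splits cannot yield the same MAC input.
    $msg = strlen($email) . ':' . $email . '|' . $issuedAt . '|' . $currentPwHash;
    return hash_hmac('sha256', $msg, RESET_SECRET);
}

function makeResetQuery(string $email, string $currentPwHash, int $now): string
{
    // Clear-text parameters plus their MAC, ready to append to the reset URL.
    return http_build_query([
        'email' => $email,
        'ts'    => $now,
        'mac'   => resetMac($email, $now, $currentPwHash),
    ]);
}

// $currentPwHash is looked up server-side for $q['email'] by the caller.
function verifyResetQuery(array $q, string $currentPwHash, int $now): bool
{
    $email = $q['email'] ?? null;
    $ts = $q['ts'] ?? null;
    $mac = $q['mac'] ?? null;
    if (!is_string($email) || !is_string($ts) || !is_string($mac) || !ctype_digit($ts)) {
        return false; // missing or malformed parameter
    }
    $issuedAt = (int) $ts;
    if ($issuedAt > $now || $now - $issuedAt > RESET_TTL) {
        return false; // timestamp in the future, or link expired
    }
    // Recompute the MAC and compare in constant time.
    return hash_equals(resetMac($email, $issuedAt, $currentPwHash), $mac);
}

// Constructed sample data for a stand-alone run.
$oldHash = password_hash('old-password', PASSWORD_DEFAULT);
$now = 1443438000; // constructed timestamp
parse_str(makeResetQuery('user1@example.com', $oldHash, $now), $q);

var_dump(verifyResetQuery($q, $oldHash, $now + 600));                 // link used within its lifetime
var_dump(verifyResetQuery($q, $oldHash, $now + 7200));                // link used after RESET_TTL
var_dump(verifyResetQuery(['email' => 'user2@example.com'] + $q, $oldHash, $now + 600)); // email altered
$newHash = password_hash('new-password', PASSWORD_DEFAULT);
var_dump(verifyResetQuery($q, $newHash, $now + 600));                 // password already changed
```

No per-user state is stored on the server, so nothing needs to be cleared after the reset and the link works from any device.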

1 Answer

1

session_destroy() destroys all of the data associated with the current session. It does not unset any of the global variables associated with the session, or unset the session cookie. To use the session variables again, session_start() has to be called. http://php.net/manual/en/function.session-destroy.php

When calling session_destroy on $id1, the data will also be cleared from the server, meaning that when you define the session id to $id1 it will return an empty session.
