Re: [Phplib-users] missing session variables
Brought to you by:
nhruby,
richardarcher
Menu
▾
▴
Re: [Phplib-users] missing session variables
|
From: Michael C. <mdc...@mi...> - 2001-11-07 00:22:47
|
On Tue, Nov 06, 2001 at 04:21:09PM -0500, darcy w. christ wrote:
> hi,
>
> i have a strange problem. While testing, i occasionally need to
> remove my session records from the db. Upon doing so, it immediately
> tries to get me to login back in (obviously since i am no longer
> authenticated). The strange thing is that i do have my sessions
> variables anymore. i've just looked around and discovered that it's not
> setting a new cookie. Instead, it must be using the cookie, i already
> have. Is it possible for me to turn that off (ie. create a new cookie)
> or better yet just make sure that the auto_init gets run again.
Actually, it's a non-issue for the most part. If you have removed the
records from active_sessions, then all your session variables are lost.
Your browser still has the cookie, which means that it still will use
the same session id, but ultimately that session id is nothing more than
a lookup key for the active_sessions table. If the key isn't there, it
creates a new session. Same cookie, new session, no problem. However,
see below for an easier solution.
> i know it sounds like a very unlikely scenerio, but i've come to
> understand that computers love unlikely scenerios. In fact, i think
> they are immediately considered likely scenerios because they are
> unlikely. ;-)
This will create a new session without you having to dork around in the
database.
newsession.php:
<?php
if (!isset($dest)) {
$dest='/';
}
if (isset($newsession)) {
page_open(array("sess"=>"My_Session"));
if (isset($auth) && $auth->is_authenticated()) {
$auth->unauth();
}
$sess->delete();
}
header("Status: 302 Moved Temporarily");
header("Location: $dest");
?>
You can then put a link at the bottom of each page on your test site
that looks like this:
<a href="/newsession.php?newsession=1">New Session</a>
I use something similar at patsgold.com for making a new session. If
you're logged in, it shows your email address at the top, along with a
simple "click here if that's not you". It just destroys the current
session and gives the user a new one. Useful if someone has posted a
link with a session variable to Usenet or a web site.
Michael
--
Michael Darrin Chaney
mdc...@mi...
http://www.michaelchaney.com/
|
