I have set up a PHP5 script which uses sessions. Starting the session goes wel, and it also creates a cookie (as expected).
However after closing the browser (Firefox 19.0.2 on Mac OSX Mountain Lion) and opening the browser the session ID stays the same. Even after a couple of days. This however while the session.cookie_lifetime is set to 0
In PHP I use this to start the session:
//set cookie params: lifetime, path, domain, https, http-only
session_set_cookie_params(0, "/", null, false, true);
session_name('MySession');
//start session
session_start();
Here is my PHP.ini
session.use_cookies = 1
session.use_only_cookies = 1
session.cookie_httponly = 1
session.cookie_lifetime = 0
session.cookie_path = /
session.gc_probability = 1
session.gc_divisor = 1000
session.gc_maxlifetime = 1440
session.hash_function = 1
session.hash_bits_per_character = 6
session.save_path = /var/lib/php5
session.name = PHPSESSID
The session files do net get removed in the /var/lib/php5 After a session_destroy() the files will be removed.
However, after using the script again (starting a session) I will get the old session ID. Last friday I logged out from my computer and now I am back I still get this old session ID. I would really like to have a new session ID after closing the browser (command Q)
I just read about a naggy 'feature' of firefox which stores the cookie for you as if you never closed the browser.
I think this might just be the reason why. As I don't want this I need to find a work-around.
Can you advise me about this?
