I have a PHP script which returns a receipt to a customer purchasing on my website. When they get the receipt, I want to be able to start a new session. So far I have a piece of code at the end of the script which returns the receipt page. It is:
if (ini_get("session.use_cookies")) {
$params = session_get_cookie_params();
setcookie(session_name(),
'',
time() - 42000,
$params["path"],
$params["domain"],
$params["secure"],
$params["httponly"]
);
}
session_destroy();
session_regenerate_id(true);
When I use the website and go through the purchasing process, after the receipt page is served, the session id remains the same.
Yet, I took the above code and placed it in a seperate script called 'regenerate.php'. I then called this in another script, like so:
<?php
include("regenerate.php");
session_start();
echo("<br>id:".session_id());
include("regenerate.php");
session_start();
echo("<br>id:".session_id());
include("regenerate.php");
session_start();
echo("<br>id:".session_id());
include("regenerate.php");
session_start();
echo("<br>id:".session_id());
?>
When I run this script, then session id changes each time the regenerate script is run. However, the same code does not work in the intended page I am trying to serve up before restarting the session.
Is there any reason it might work in one case and not the other? I thought it might be because text is already being written out to output, however it happens in both cases.