So, i ve been trying to regenerate session ids in my page, if someone logs in or logs out. I run this code:
public static function regenerateSession() {
$_SESSION = array();
session_regenerate_id( true );
return true;
}
in a script called by ajax. i log the session vars in every step, and indeed, the session id changes and the $_SESSION array empties. i then, on the same page i load some new variables to the $_SESSION under the new session id, echo something and then the script ends. Upon success, the javascript getting the echo of this php script, redirects to another page, where i log the session vars as well. after session_start() on the new page, i get in my logs, that the session, has the indeed the new id after regeneration, the new variables i assigned after the regeneration, but also the session variables of the previous session with their previous values!
i checked my php.ini and my session.cookie_secure is commented out. i uncommented it, i changed it to 0, restarted apache and yet nothing new. Does anyone have any idea about what am i doing wrong?
update 1:
i tried this code as well:
public static function regenerateSession() {
$_SESSION = array();
setcookie(session_name(), '', time() - 42000);
session_regenerate_id( true );
return true;
}
but with the same effect...
update 2
i also tried:
public static function regenerateSession() {
$_SESSION = array();
session_unset();
setcookie(session_name(), '', time() - 42000);
session_regenerate_id( true );
return true;
}
but still nothing
update 3
i also tried:
public static function regenerateSession() {
setcookie(session_name(), '', time() - 42000);
session_destroy();
$_SESSION = array();
session_start();
session_regenerate_id( true );
return true;
}
nothing. the old values are still kept along side the new ones
