A friend of mine starts his Session this way. <?php session_start(); session_regenerate_id(); session_destroy(); unset($_SESSION);

Question

0

Asked: May 23, 20262026-05-23T16:54:20+00:00 2026-05-23T16:54:20+00:00

A friend of mine starts his Session this way. <?php session_start(); session_regenerate_id(); session_destroy(); unset($_SESSION);

0

A friend of mine starts his Session this way.

<?php
session_start();
session_regenerate_id();
session_destroy();
unset($_SESSION);
session_start();
?>

Are there any security advantages, against Session hijacking etc.

Just wondering why as against the usual session_start();

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team · Answer 1 · 2026-05-23T16:54:20+00:00

Editorial Team

2026-05-23T16:54:20+00:00Added an answer on May 23, 2026 at 4:54 pm

All you’d need is

session_start()
session_regenerate_id()

That’ll start the session and change its ID on each request. However, this will not prevent session hijacking. If the attacker can get the user’s session cookie and sent a request back to the server BEFORE the user can, then the attacker gets a brand new session ID, and the user is left with an invalid session token and is effectively logged out.

0

Reply
Share
Share

- Report

Sign Up

Sign In

Forgot Password

The Archive Base Latest Questions

A friend of mine starts his Session this way. <?php session_start(); session_regenerate_id(); session_destroy(); unset($_SESSION);

Leave an answerCancel reply

1 Answer

Leave an answer
Cancel reply