Home/ Questions/Q 8091409
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-05T20:03:33+00:00

I’ve been looking at using session_regenerate_id in a login class which I have been

  • 0

I’ve been looking at using session_regenerate_id in a login class which I have been developing and from reading the PHP documentation and a few other sites it seems that it creates a new session with a newly generated ID carrying across the previous data since the function was added in PHP 4.3.2.

Since PHP 5.1 it has a delete_old_session parameter and if set to true it will also destroy the previous session but in previous versions it will not.

My question is if I was to use session_regenerate_id on a server running a PHP version below 5.1 what would be the best way to use session_regenerate_id and to destroy the previous session?

I don’t think session_destroy() would work because if I used it before session_regenerate_id then it wouldn’t be able to carry across the previous session data and if used after it would just destroy the new session.

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    This should solve your problem:

    session_start();
// gets current (previous) session
$previousID = session_id();
session_regenerate_id();
// get the new session id
$newID = session_id();
// close session related files
session_write_close();

// set the old session id
session_id($previousID);
// start the old session
session_start();
// clear the old session
session_destroy();
// save the old session state (destroyed session)
session_write_close();

// set the regenerated session id
session_id($newID);
// start the new session
session_start();

    Now your old session data is erased and transfered to a new session id.

    • 0