php session id strangeness

Steps to reproduce by running the following script:

<?php session_start(); echo "session_id: " . session_id(); ?>
  • start your browser and run the script located at http://gomad.epizy.com/support/stest.php
  • make a copy of the echoed session id
  • close (exit) your browser
  • start your browser again and run the same script
  • and you’ll get the former session id again.

running the same script on any other server I know returns a different session id with each new browser instance - in opposite to the infinityfree enviroment which returns the same one again and again.

Is this intentionally meant so? And if yes:
What can I do to force a formerly logged in user to re-login again in case he simply closed and re-opened his browser?

maybe I’m late and you’ve modified the code
but I always have a new result

The reason is because my browser clears cookies on exit

session_id: 4be49762533a3230c44f6a6b3eee352d
session_id: a52b239b09d6af0218fc220d041adf63
session_id: fde113d97523a0ce496cd7e4005ddd08

Thanks for investigating, OxyDac.

And yes, you’re right: With a browser setting like that you’ll get a different PHPSESSID cookie each time.
But I wouldn’t want to rely on user’s custom settings because the default is to keep cookies on exit.

Anyway, in the meantime I found the explanation:
Running phpinfo on my infinityfree site shows a value of 86000 (= 1 day) for session.cookie_lifetime, while with the other servers I mentioned I’m getting just 0.

Hence the solution is to simply add ini_set('session.cookie_lifetime', 0); BEFORE
session_start();

and the cookie will last for one browser session, only.

Thanks again, this topic can be closed.

1 Like

np and yw
thank you for a clear question and because you shared the solution with others :slight_smile:
and probably helped somebody

good luck