I am trying to destroy a session after he makes successful payment .
$session_id = session_id();
$sql = "
UPDATE
tbl_seat_book
SET
final_book = 'Y'
WHERE
session_id = '$session_id'
";
$r = $this->db->executeQuery($sql);
session_unset();
session_destroy();
echo 'Booking successfull';
But when I book tickets , the same session_id appears . How can I destroy the session_id after making successful payment .
EDIT :
$sql = "
INSERT INTO
tbl_seat_book
SET
booking_date = '$_REQUEST[bus_date]',
booking_time = '$_REQUEST[bus_time]',
bus_id = '$_REQUEST[bus_id]',
route_id = '$_REQUEST[route_id]',
session_id = '$session_id',
session_start_time = '$time',
temp_book = 'Y',
final_book = 'N',
$cond
";
$booked = $this->db->insertQuery($sql);
EDIT2:
function book_final_tickets()
{
$session_id = session_id();
$sql = "
UPDATE
tbl_seat_book
SET
final_book = 'Y'
WHERE
session_id = '$session_id'
";
//session_unset();
if($r = $this->db->executeQuery($sql)){
if(session_destroy()){
unset($session_id);
echo 'Booking successfull';
}
}
}
session_unset(); only free the variable that you have registered, if you want to destroy all session the use session_destroy();
try with this:
session_unset(); //destroys variables
session_destroy(); //destroys session
Your Just replace session_unset() with session_destroy()
$session_id = session_id();
$sql = "
UPDATE
tbl_seat_book
SET
final_book = 'Y'
WHERE
session_id = '$session_id'
";
if($this->db->executeQuery($sql))
{
session_destroy();
echo 'Booking successfull';
}
if(isset($_SESSION['req_value']))
{
unset($_SESSION['req_value']);
}
Use session_regenerate_id(true) to generate a new session ID and delete the old one. Note that this will keep all of the information in $_SESSION as part of the new session ID.
e.g. To get a new session ID, but keep session info in $_SESSION.
// Regenerate session ID, user gets a new sid, and cookie is updated.
session_regenerate_id(true);
// Make sure you pick up the new session ID
$session_id = session_id();
// Note, $_SESSION will be the same here as before, but $session_id will be diff.
// Old session info has been moved to new session.
If you don't want to keep the information in $_SESSION either, then you want to use session_destroy() to destroy the session info on the server-side, and setcookie() to manually unset the session ID cookie on the client-side. Then you can start a new session and generate a new session ID as before.
e.g. To get a new session_id AND remove all session information.
session_unset(); // Remove the $_SESSION variable information.
session_destroy(); // Remove the server-side session information.
// Unset the cookie on the client-side.
setcookie("PHPSESSID", "", 1); // Force the cookie to expire.
// Start a new session
session_start();
// Generate a new session ID
session_regenerate_id(true);
// Then finally, make sure you pick up the new session ID
$session_id = session_id();
// $_SESSION will now be empty, and $session_id will have been regenerated.
// You have a completely empty, new session.
(You can get away without the setcookie() call here, since you're creating a new session anyway, so the cookie will be overwritten by the new ID, but it's good practice to explicitly destroy the old cookie).
session_destroy() alone won't remove the client-side cookie, so the next time the user visits, they'll still have the same session id set (but their server-side session info will have been destroyed).
From the docs (emphasis mine):
session_destroy() destroys all of the data associated with the current session. It does not unset any of the global variables associated with the session, or unset the session cookie. ... In order to kill the session altogether, like to log the user out, the session id must also be unset. If a cookie is used to propagate the session id (default behavior), then the session cookie must be deleted.