Session_id in php and regenerating by using session_regenrate

We can create a unique number for the session of the browser by generating a session id. Session id is generated by PHP at server end user can't change the generated session id. However it can be re-created.

Here is the code.

echo session_id();

How session_id changes when we login

Each time we login by our userid and password we get a new session_id. A particular session_id may be associated with a userid but it keep on changing each time the same member login. If there are ten members logged in to your website at a moment then there will be ten different session id and each member will be associated with one session id.

Re generating the session_id

By using script we can regenerate another session_id. Here is the function .

session_regenerate_id();

Note that this is not same as session destroy or logout, here we are only changing the session_id value to a new one. All other session data remains unchanged.

PHP Session variable creating checking and destroying using session_start() using userid and name

PHP Session ID Demo

Demonstrates session_id(), secure regeneration, and full reset with data persistence.

DEMO : Session ID


<?php
/** session_id_demo.php
 * Demonstrates: session_id(), session_regenerate_id(), and data persistence.
 * Actions:
 *   ?regen=1   -> Regenerate session ID (preserves data)
 *   ?reset=1   -> Destroy session (new session & new ID)
 */

declare(strict_types=1);

// Start session before any output
session_start();

// Handle actions
if (isset($_GET['regen'])) {
    // Regenerate the session ID to prevent fixation (delete old session)
    session_regenerate_id(true);
    $_SESSION['flash'] = 'Session ID regenerated safely.';
    header('Location: ' . strtok($_SERVER['REQUEST_URI'], '?'));
    exit;
}

if (isset($_GET['reset'])) {
    // Destroy the session completely (logically “new user”)
    $_SESSION = [];
    if (ini_get('session.use_cookies')) {
        $params = session_get_cookie_params();
        setcookie(session_name(), '', time() - 42000,
                 $params['path'], $params['domain'],
                 $params['secure'], $params['httponly']);
    }
    session_destroy();
    // Start a fresh session
    session_start();
    $_SESSION['flash'] = 'Session reset. New session started.';
    header('Location: ' . strtok($_SERVER['REQUEST_URI'], '?'));
    exit;
}

// Demo state: first visit timestamp and visit counter
$_SESSION['created_at'] = $_SESSION['created_at'] ?? date('Y-m-d H:i:s');
$_SESSION['visits']     = ($_SESSION['visits'] ?? 0) + 1;
$_SESSION['user']       = $_SESSION['user'] ?? 'Guest';

// Gather info
$sessionName = session_name();
$sessionId   = session_id();
$createdAt   = $_SESSION['created_at'];
$visits      = $_SESSION['visits'];
$user        = $_SESSION['user'];

// Simple HTML output
?>
<!doctype html>
<html lang="en">
<head>
<meta charset="utf-8">
<title>PHP Session ID Demo</title>
<meta name="viewport" content="width=device-width, initial-scale=1">
<style>
  body { font-family: system-ui, -apple-system, Segoe UI, Roboto, Arial, sans-serif; margin: 2rem; }
  code { background:#f6f8fa; padding: .2rem .35rem; border-radius: 4px; }
  .card { border:1px solid #e5e7eb; border-radius:12px; padding:1rem 1.25rem; max-width: 720px; }
  .row { display:flex; gap:1rem; flex-wrap: wrap; margin-top: 1rem; }
  a.btn { display:inline-block; padding:.6rem 1rem; border-radius:8px; text-decoration:none; border:1px solid #d1d5db; }
  a.btn:hover { background:#f3f4f6; }
  .pill { display:inline-block; padding:.2rem .5rem; background:#eef2ff; border:1px solid #c7d2fe; border-radius:999px; font-size:.85rem; }
  .flash { margin: .75rem 0; padding:.6rem .8rem; background:#ecfeff; border:1px solid #a5f3fc; border-radius:8px; }
  .muted { color:#6b7280; font-size:.9rem; }
  .mono { font-family: ui-monospace, SFMono-Regular, Menlo, Monaco, Consolas, "Liberation Mono", monospace; }
</style>
</head>
<body>

<div class="card">
  <h1>PHP <span class="pill">session_id()</span> Demo</h1>

  <?php if (!empty($_SESSION['flash'])): ?>
    <div class="flash"><?= htmlspecialchars($_SESSION['flash'], ENT_QUOTES, 'UTF-8') ?></div>
    <?php unset($_SESSION['flash']); ?>
  <?php endif; ?>

  <p>This page shows your current session details and lets you <strong>regenerate</strong> the ID (safe against fixation) or <strong>reset</strong> the session.</p>

  <h3>Current Session</h3>
  <ul>
    <li><strong>Session Name:</strong> <code><?= htmlspecialchars($sessionName, ENT_QUOTES, 'UTF-8') ?></code></li>
    <li><strong>Session ID:</strong> <code class="mono"><?= htmlspecialchars($sessionId, ENT_QUOTES, 'UTF-8') ?></code></li>
    <li><strong>User:</strong> <?= htmlspecialchars($user, ENT_QUOTES, 'UTF-8') ?></li>
    <li><strong>First Seen:</strong> <?= htmlspecialchars($createdAt, ENT_QUOTES, 'UTF-8') ?></li>
    <li><strong>Visits this session:</strong> <?= (int)$visits ?></li>
  </ul>

  <div class="row">
    <a class="btn btn-outline-primary" href="?regen=1">🔄 Regenerate Session ID</a>
    <a class="btn btn-outline-danger" href="?reset=1">🗑️ Reset Session</a>
    <a class="btn btn-outline-secondary" href="<?= htmlspecialchars(strtok($_SERVER['REQUEST_URI'], '?'), ENT_QUOTES, 'UTF-8') ?>">↻ Refresh</a>
  </div>

  <p class="muted">Tip: After clicking <em>Regenerate Session ID</em>, the <code>session_id()</code> value will change, but the counter and user data remain — proving data persists across ID rotation.</p>
</div>

</body>
</html>

Session Variable Session Array

Subhendu Mohapatra

Author

🎥 Join me live on YouTube

Passionate about coding and teaching, I publish practical tutorials on PHP, Python, JavaScript, SQL, and web development. My goal is to make learning simple, engaging, and project‑oriented with real examples and source code.

Subscribe to our YouTube Channel here

Session_id & session_regenerate_id in PHP

How session_id changes when we login

Re generating the session_id

PHP Session ID Demo

Subhendu Mohapatra