Just curious if i have this process correct to avoid session id fixation
in my login file once the auth is done and everything is fine.
then i set the session values and also set this
then it redirects and opens up the home page
$_SESSION['oldid'] = 1;
and at the very top of that home page i have this so that it only executes this one time per login.
Does that look about right?
//only do this one time per login
echo "hellow old is set";
$_SESSION['oldid'] = '';