PHP Classes


Recommend this page to a friend!

      Secure Session  >  All threads  >  session_regenerate_id  >  (Un) Subscribe thread alerts  
Summary:session_regenerate_id does not solve our problem
Author:Karel Simek
Date:2006-03-14 18:25:46
Update:2007-02-13 18:30:00

  1. session_regenerate_id   Reply   Report abuse  
Karel Simek - 2006-03-14 18:25:46
I am not sure that session_regenerate_id does what is says. Without optional parameter it just creates another ssid you can access current session with.
Try to use one of previously generated ssids a you will see that it is still valid for the current session. Any suggestions?

  2. Re: session_regenerate_id   Reply   Report abuse  
Chris Smith - 2006-03-24 18:20:33 - In reply to message 1 from Karel Simek
I have modified the _RegenerateId() method to this (according the phpmanual: ... ,
see this post: Nicolas dot Chachereau at Infomaniak dot ch, 02-Jun-2005 08:40)
The problem was that in php4 there isn't the optional parameter!

function _RegenerateId()
if ($this->regenerate_id && function_exists('session_regenerate_id'))
$old_session_id = session_id();
$new_session_id = session_id();
$old_session = $_SESSION;
$_SESSION = $old_session;

Note from Nicolas dot Chachereau: "this technique will send 3 Set-Cookie headers (one on each session_start() and one on session_regenerate_id()). I don't think this is a problem, ..."

PS: and thanks for these great packages that You supplied, Vagharshak ! There're a lot of good idea ...

  3. Re: session_regenerate_id   Reply   Report abuse  
Web 2.0 VN - 2007-02-13 18:23:25 - In reply to message 2 from Chris Smith
New _RegenerateId() function not work!

Cannot login with session

  4. Re: session_regenerate_id   Reply   Report abuse  
Web 2.0 VN - 2007-02-13 18:30:00 - In reply to message 3 from Web 2.0 VN
Sorry, It not work beacause I dont delete old session files