PHP Classes

session_regenerate_id

Recommend this page to a friend!

      Secure Session  >  All threads  >  session_regenerate_id  >  (Un) Subscribe thread alerts  
Subject:session_regenerate_id
Summary:session_regenerate_id does not solve our problem
Messages:4
Author:Karel Simek
Date:2006-03-14 18:25:46
Update:2007-02-13 18:30:00
 

  1. session_regenerate_id   Reply   Report abuse  
Picture of Karel Simek Karel Simek - 2006-03-14 18:25:46
I am not sure that session_regenerate_id does what is says. Without optional parameter it just creates another ssid you can access current session with.
Try to use one of previously generated ssids a you will see that it is still valid for the current session. Any suggestions?

  2. Re: session_regenerate_id   Reply   Report abuse  
Picture of Chris Smith Chris Smith - 2006-03-24 18:20:33 - In reply to message 1 from Karel Simek
I have modified the _RegenerateId() method to this (according the phpmanual:
hu2.php.net/manual/en/function.sess ... ,
see this post: Nicolas dot Chachereau at Infomaniak dot ch, 02-Jun-2005 08:40)
The problem was that in php4 there isn't the optional parameter!

function _RegenerateId()
{
if ($this->regenerate_id && function_exists('session_regenerate_id'))
{
$old_session_id = session_id();
session_regenerate_id();
$new_session_id = session_id();
session_id($old_session_id);
session_destroy();
$old_session = $_SESSION;
session_id($new_session_id);
session_start();
$_SESSION = $old_session;
}
}

Note from Nicolas dot Chachereau: "this technique will send 3 Set-Cookie headers (one on each session_start() and one on session_regenerate_id()). I don't think this is a problem, ..."

PS: and thanks for these great packages that You supplied, Vagharshak ! There're a lot of good idea ...

  3. Re: session_regenerate_id   Reply   Report abuse  
Picture of Web 2.0 VN Web 2.0 VN - 2007-02-13 18:23:25 - In reply to message 2 from Chris Smith
New _RegenerateId() function not work!

Cannot login with session

  4. Re: session_regenerate_id   Reply   Report abuse  
Picture of Web 2.0 VN Web 2.0 VN - 2007-02-13 18:30:00 - In reply to message 3 from Web 2.0 VN
Sorry, It not work beacause I dont delete old session files