PHP

session_regenerate_id

Leave a comment

session_regenerate_id — Update the current session id with a newly generated one

session_regenerate_id() will replace the current session id with a new one, and keep the current session information.

When session.use_trans_sid is enabled, output must be started after session_regenerate_id() call. Otherwise, old session ID is used.

Example

<?php
 session_start();

if (isset($_SESSION['destroyed'])
 && $_SESSION['destroyed'] < time() - 300) {
 remove_all_authentication_flag_from_active_sessions($_SESSION['userid']);
 throw(new DestroyedSessionAccessException);
 }

$old_sessionid = session_id();
 $_SESSION['destroyed'] = time(); 
 session_regenerate_id();
 unset($_SESSION['destroyed']);
 $new_sessionid = session_id();
 echo "Old Session: $old_sessionid<br />";
 echo "New Session: $new_sessionid<br />";

print_r($_SESSION);
?>

Leave a Reply

Your email address will not be published. Required fields are marked *