public function SessionManager::regenerate in Drupal 9
Same name and namespace in other branches
- 8 core/lib/Drupal/Core/Session/SessionManager.php \Drupal\Core\Session\SessionManager::regenerate()
File
- core/
lib/ Drupal/ Core/ Session/ SessionManager.php, line 205
Class
- SessionManager
- Manages user sessions.
Namespace
Drupal\Core\SessionCode
public function regenerate($destroy = FALSE, $lifetime = NULL) {
// Nothing to do if we are not allowed to change the session.
if ($this
->isCli()) {
return;
}
// Drupal will always destroy the existing session when regenerating a
// session. This is inline with the recommendations of @link https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#renew-the-session-id-after-any-privilege-level-change
// OWASP session management cheat sheet. @endlink
$destroy = TRUE;
// Cannot regenerate the session ID for non-active sessions.
if (\PHP_SESSION_ACTIVE !== session_status()) {
// Ensure the metadata bag has been stamped. If the parent::regenerate()
// is called prior to the session being started it will not refresh the
// metadata as expected.
$this
->getMetadataBag()
->stampNew($lifetime);
return FALSE;
}
return parent::regenerate($destroy, $lifetime);
}