You are here

public function NativeSessionStorage::regenerate in Zircon Profile 8

Same name and namespace in other branches
  1. 8.0 vendor/symfony/http-foundation/Session/Storage/NativeSessionStorage.php \Symfony\Component\HttpFoundation\Session\Storage\NativeSessionStorage::regenerate()

Regenerates id that represents this storage.

This method must invoke session_regenerate_id($destroy) unless this interface is used for a storage object designed for unit or functional testing where a real PHP session would interfere with testing.

Note regenerate+destroy should not clear the session data in memory only delete the session data from persistent storage.

Care: When regenerating the session ID no locking is involved in PHPs session design. See https://bugs.php.net/bug.php?id=61470 for a discussion. So you must make sure the regenerated session is saved BEFORE sending the headers with the new ID. Symfonys HttpKernel offers a listener for this. See Symfony\Component\HttpKernel\EventListener\SaveSessionListener. Otherwise session data could get lost again for concurrent requests with the new ID. One result could be that you get logged out after just logging in.

Parameters

bool $destroy Destroy session when regenerating?:

int $lifetime Sets the cookie lifetime for the session cookie. A null value: will leave the system settings unchanged, 0 sets the cookie to expire with browser session. Time is in seconds, and is not a Unix timestamp.

Return value

bool True if session regenerated, false if error

Throws

\RuntimeException If an error occurs while regenerating this storage

Overrides SessionStorageInterface::regenerate

1 method overrides NativeSessionStorage::regenerate()
SessionManager::regenerate in core/lib/Drupal/Core/Session/SessionManager.php
Regenerates id that represents this storage.

File

vendor/symfony/http-foundation/Session/Storage/NativeSessionStorage.php, line 196

Class

NativeSessionStorage
This provides a base class for session attribute storage.

Namespace

Symfony\Component\HttpFoundation\Session\Storage

Code

public function regenerate($destroy = false, $lifetime = null) {

  // Cannot regenerate the session ID for non-active sessions.
  if (PHP_VERSION_ID >= 50400 && \PHP_SESSION_ACTIVE !== session_status()) {
    return false;
  }

  // Check if session ID exists in PHP 5.3
  if (PHP_VERSION_ID < 50400 && '' === session_id()) {
    return false;
  }
  if (null !== $lifetime) {
    ini_set('session.cookie_lifetime', $lifetime);
  }
  if ($destroy) {
    $this->metadataBag
      ->stampNew();
  }
  $isRegenerated = session_regenerate_id($destroy);

  // The reference to $_SESSION in session bags is lost in PHP7 and we need to re-create it.
  // @see https://bugs.php.net/bug.php?id=70013
  $this
    ->loadSession();
  return $isRegenerated;
}