Re: Solution for session_regenerate_id() issues

From: Date: Mon, 17 Mar 2014 02:22:34 +0000
Subject: Re: Solution for session_regenerate_id() issues
References: 1 2 3 4 5 6 7  Groups: php.internals 
Request: Send a blank email to [email protected] to get a copy of this message 
On Mon, Mar 17, 2014 at 11:15 AM, Yasuo Ohgaki <[email protected]> wrote:

> // ** set timeout flag **
> if ($_SESSION['LAST_REGENERATE'] < time() + 600) {
>   $_SESSION['VALID_UNTIL'] = time() + 60; // Shorter is better, but rather
> large value is set for lost radio/hand over/etc. Old session is allowed to
> use as valid session for 60 seconds.
>   session_commit(); // Need to save above data in old session.
>   session_start();
>   $_SESSION['LAST_REGENERATE'] = time(); // Update regenerate time here.
>   session_regenerate_id(); // New session ID and old session data with old
> session ID is left
>   unset($_SESSION['VALID_UNTIL']; // This session should not be deleted
> later.
> }
>

BTW,

$_SESSION['LAST_REGENERATE'] = time(); // Update regenerate time here.

This is bad code for new session save handler. This should be

$_SESSION['NEXT_REGENERATE'] = time()+600; // Update regenerate time here.

This way, unneeded session data writes can be avoided.

Regards,

--
Yasuo Ohgaki
[email protected]

Thread (24 messages)

« previous php.internals (#73202) next »