public SessionManager::regenerate($destroy = FALSE, $lifetime = NULL)
Regenerates id that represents this storage.
This method must invoke session_regenerate_id($destroy) unless this interface is used for a storage object designed for unit or functional testing where a real PHP session would interfere with testing.
Note regenerate+destroy should not clear the session data in memory only delete the session data from persistent storage.
Care: When regenerating the session ID no locking is involved in PHP's session design. See https://bugs.php.net/bug.php?id=61470 for a discussion. So you must make sure the regenerated session is saved BEFORE sending the headers with the new ID. Symfony's HttpKernel offers a listener for this. See Symfony\Component\HttpKernel\EventListener\SaveSessionListener. Otherwise session data could get lost again for concurrent requests with the new ID. One result could be that you get logged out after just logging in.
bool $destroy Destroy session when regenerating?:
int $lifetime Sets the cookie lifetime for the session cookie. A null value: will leave the system settings unchanged, 0 sets the cookie to expire with browser session. Time is in seconds, and is not a Unix timestamp.
bool True if session regenerated, false if error
\RuntimeException If an error occurs while regenerating this storage
Overrides NativeSessionStorage::regenerate
public function regenerate($destroy = FALSE, $lifetime = NULL) { // Nothing to do if we are not allowed to change the session. if ($this->isCli()) { return; } // We do not support the optional $destroy and $lifetime parameters as long // as #2238561 remains open. if ($destroy || isset($lifetime)) { throw new \InvalidArgumentException('The optional parameters $destroy and $lifetime of SessionManager::regenerate() are not supported currently'); } if ($this->isStarted()) { $old_session_id = $this->getId(); } session_id(Crypt::randomBytesBase64()); $this->getMetadataBag()->clearCsrfTokenSeed(); if (isset($old_session_id)) { $params = session_get_cookie_params(); $expire = $params['lifetime'] ? REQUEST_TIME + $params['lifetime'] : 0; setcookie($this->getName(), $this->getId(), $expire, $params['path'], $params['domain'], $params['secure'], $params['httponly']); $this->migrateStoredSession($old_session_id); } if (!$this->isStarted()) { // Start the session when it doesn't exist yet. $this->startNow(); } }
© 2001–2016 by the original authors
Licensed under the GNU General Public License, version 2 and later.
Drupal is a registered trademark of Dries Buytaert.
https://api.drupal.org/api/drupal/core!lib!Drupal!Core!Session!SessionManager.php/function/SessionManager::regenerate/8.1.x