session_regenerate_id() old data not copied to new session ID
Ahad, 11 Mei 2014, 1:36 am0
In PHP I’m using MySQL with Memcached backend for storing session information. Every few minutes I need to regenerate the session ID to prevent replay attack. However when using session_regenerate_id(true), sometimes session data from old ID are not copied to the new regenerated ID. Therefore everytime when the session regenerated, I’ll be logged out if I’m currently logged in to the web app.
To fix it, I need to regenerate the ID without deleting the old data, flush the session data into database, stop then restart the session with new ID
session_regenerate_id(); $new_sess_id = session_id(); // this enable the backend to write the session data to backend storage $this->data_changed = true; // this will call the write() function to save session data to backend session_write_close(); session_id($new_sess_id); session_start();
11 Mei 2014
Using database in Windows Phone app
11 Mei 2014