ZF-5084: Zend_Session::rememberMe() ALWAYS calls Zend_Session::regenerateId()

Description

At the end of Zend_Session::rememberUntil()

   // normally "rememberMe()" represents a security context change, so should use new session id
    self::regenerateId();
}

I believe this may be the case in many circumstances, but if I want to extend the cookie lifetime, it is not currently possible without regenerating the sessionId which is not something that always needs to happen.

Maybe an extra parameter to rememberMe and rememberUntil that defaults to regeneration so the caller can decide if its appropriate to regenerate?

Comments

I agree

Bulk change of all issues last updated before 1st January 2010 as "Won't Fix".

Feel free to re-open and provide a patch if you want to fix this issue.