Issues

ZF-8324: Zend_Session::regenerateId() always destroys the current session record, with no option not to

Issue Type: Bug Created: 2009-11-17T14:13:46.000+0000 Last Updated: 2012-05-05T02:14:51.000+0000 Status: Closed Fix version(s): - Next Major Release ()

Reporter: SP (kaioptera) Assignee: Adam Lundrigan (adamlundrigan) Tags: - Zend_Session

  • zf-caretaker-adamlundrigan

Related issues: Attachments:

Description

Zend_Session::regenerateId() is basically a wrapper for PHP's session_regenerate_id(). However, the PHP function provides a boolean option for "Whether to delete the old associated session file or not. Defaults to FALSE." whereas the ZF wrapper defaults to true - and removes the option.

This has the effect of calling the session save handler's destroy() method whenever the session ID is reset. This may be fine if you're using files, but if you're using DB session storage like we are, you may not need or want your session rows to be deleted every time.

I'd like this to be an option, as PHP has it, rather than hardwired to what is the wrong setting for us and probably other users of DB session persistence as well.

Comments

Posted by Sylvain ADAM (scorpe51) on 2009-11-18T00:53:55.000+0000

I must say that I absolutely agree with this issue. I gave up on using regenerateId() for now as it was actually deleting the row on my database, making the user not viewable by himself at each page loading.

I might overload regenerateId() as I extended Zend_Session class and Zend_Session_SaveHandler_DbTable for my DB purposes.

Good point.

Posted by Sylvain ADAM (scorpe51) on 2009-11-18T01:19:44.000+0000

Ok... my bad, I have just figured out that Zend_Session had some private vars, which makes quite impossible to extend it!

Posted by Adam Lundrigan (adamlundrigan) on 2011-06-09T11:59:56.000+0000

Is this still an issue? I notice that regenerateId() still forces a delete on the old session, without ability to override that behavior.

Posted by Adam Lundrigan (adamlundrigan) on 2012-05-05T02:14:51.000+0000

At this late stage in ZFv1's lifecycle it is unlikely that we could fix this issue in a way which preserves backwards-compatibility. Closing as won't fix.

Have you found an issue?

See the Overview section for more details.

Copyright

© 2006-2016 by Zend, a Rogue Wave Company. Made with by awesome contributors.

This website is built using zend-expressive and it runs on PHP 7.

Contacts