
session_regenerate_id(TRUE) vs. session_regenerate_id(FALSE)


sKunKbad


I'm working on an authentication script again, and learning more about the way php handles sessions. In the manual, fellow developers complain that setting session_regenerate_id to destroy the previous session can bring about problems if a site user is going from page to page too fast. The session data would be lost, which isn't good at all. They recommend leaving the old session data there, unless a critical need to destroy it exists. My thoughts were, if you're going to regenerate the session id, why would you want to leave the old session data? If the old session data can still be used, what's the point of regenerating it at all? A malicious user could use the old session data if captured in some way, and the regenerated id would do nothing to protect the site/data/real user. I want to set my session_regenerate_id to true, but I'm wondering if the issue of the session being lost is too common to do it.

 

I'm not really using my authentication system for any live site just yet, but my project is more of an ultimate php authentication learning experience. I want it to be perfect if the need should arise, and I'm wondering about how the more qualified php user would handle this.

 

My code shouldn't matter, which is why I haven't included it, but I've been asking around to see if other qualified php programmers and ethical hacker types would like to participate in making/perfecting the authentication system, and then distributing it as free/open source. Let me know if you are interested in seeing what I have. It's too much to post, so I'd send it via email.

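The trade-off raised in the post above has a middle path, shown here as an added example that is not part of the original post and is not the poster's code: keep the old session record for a few seconds, but mark it retired so it cannot be reused afterwards. It follows the timestamp approach described in the PHP manual's `session_regenerate_id` documentation; the function names, the `retired_at` and `successor_id` keys and the `GRACE_SECONDS` value are assumptions chosen for illustration.

```php
<?php
declare(strict_types=1);

// Added example. Function names, session keys and GRACE_SECONDS are assumptions.
const GRACE_SECONDS = 10;

function auth_session_start(): void
{
    ini_set('session.use_strict_mode', '1'); // reject IDs the server never issued
    session_start();

    if (!isset($_SESSION['retired_at'])) {
        return; // current, live session
    }
    if ($_SESSION['retired_at'] < time() - GRACE_SECONDS) {
        // A retired ID showed up after the grace window: stale or captured.
        // Drop the record; strict mode then issues a fresh, empty session.
        $_SESSION = [];
        session_destroy();
        session_start();
        return;
    }
    // Within the grace window: a request that was already in flight when the
    // ID rotated. Move it onto the successor session instead of losing data.
    $successor = $_SESSION['successor_id'];
    session_write_close();
    session_id($successor);
    session_start();
}

function auth_session_rotate(): void
{
    $data = $_SESSION;                       // state to carry over, without markers
    $newId = session_create_id();
    $_SESSION['retired_at'] = time();
    $_SESSION['successor_id'] = $newId;
    session_write_close();                   // old record is kept, marked retired

    // Strict mode would refuse an ID with no stored record yet, so switch it
    // off (only possible while no session is active) to start the new ID.
    // The setting is per request; auth_session_start() turns it on again.
    ini_set('session.use_strict_mode', '0');
    session_id($newId);
    session_start();
    $_SESSION = $data;
}
```

With this in place the old ID stops being useful once the grace window closes, while a fast page-to-page request that still carries it is redirected to the new session rather than losing its data.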
