TomTees Posted November 28, 2010

I am trying to implement session_regenerate_id but am a little uncertain about the code from my book.

```php
// Check for match.
if (mysqli_num_rows($r) == 1){
    // User found.
    // Fetch User info.
    $row = mysqli_fetch_array($r, MYSQLI_NUM);

    // Note A
    $_SESSION['user_id'] = $row[0];   // Assign UserID to Session.
    $_SESSION['username'] = $row[1];  // Assign Username to Session.

    /* ORIGINAL CODE
    if ($row[2] == 'admin'){
        $_SESSION['user_admin'] = true;  // Assign to Session.
    }
    if ($row[3] == 1){
        $_SESSION['user_not_expired'] = true;  // Assign to Session.
    }
    */

    // NEW CODE
    if ($row[2] == 'admin'){
        // Call before storing any session data, because passing "true" as
        // the 1st argument causes any existing session data to be destroyed.
        session_regenerate_id(true);
        $_SESSION['user_admin'] = true;  // Assign to Session.

        // Will this over-write any data from above (see Note A)??
        $_SESSION['user_id'] = $row[0];   // Assign UserID to Session.
        $_SESSION['username'] = $row[1];  // Assign Username to Session.
    }
    if ($row[3] == 1){
        $_SESSION['user_not_expired'] = true;  // Assign to Session.
    }
} else {
```

My question is...

```php
// Will this over-write any data from above (see Note A)??
```

It is nested in the code above along with "Note A".

Thanks,

TomTees

requinix Posted November 28, 2010

Try to follow the code yourself. You assign values for the two session variables, then later (maybe) assign two values to the same two session variables.

Yes. It will overwrite. However it will overwrite using the same values as before.

TomTees Posted November 28, 2010 (Author)

> Try to follow the code yourself. You assign values for the two session variables, then later (maybe) assign two values to the same two session variables.
>
> Yes. It will overwrite. However it will overwrite using the same values as before.

Well I knew that.

What I meant was, is it a problem that it overwrites the values if the person is an admin?

Maybe there is a better way to write the code than the author did?

I'm just not overly familiar with sessions or this session_regenerate_id function...

Thanks,

TomTees

requinix Posted November 28, 2010

Hmm. I missed the "(true)" in that call to session_regenerate_id.

I lied. It will not overwrite data, but that's only because you specifically told the function that it should not preserve existing information. (By default it does.)

> I'm just not overly familiar with sessions or this session_regenerate_id function...

The PHP Manual is always a good place to start.

TomTees Posted November 28, 2010 (Author)

> Hmm. I missed the "(true)" in that call to session_regenerate_id.
>
> I lied. It will not overwrite data, but that's only because you specifically told the function that it should not preserve existing information. (By default it does.)

So, does the code I originally posted look okay? Does it safely regenerate the session id without the risk of losing the user's session information?

If they are an admin, the code regenerates the session id but then should assign the same information the session originally had, so as far as I can see there is nothing to be lost.

The author's code may not be the most efficient, but it looks okay. I just wanted some second opinions.

Thanks,

TomTees
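
Added example (not from the book or from any poster in this thread): a PHP CLI script that reports what survives a call to session_regenerate_id(true) under PHP's default file session handler, with the regeneration done once for every successful login rather than only for admins. The helper name establish_login_session, the scratch save path and the sample account row are assumptions made for the illustration.

```php
<?php
// Added example. Run with the PHP CLI; the account row is constructed sample data.
ini_set('session.use_cookies', '0');   // CLI run: there is no cookie header to send
$dir = sys_get_temp_dir() . '/sess_demo_' . getmypid();   // assumed scratch path
mkdir($dir, 0700);
session_save_path($dir);               // default "files" save handler assumed

/**
 * Hypothetical helper: bind the authenticated user to a fresh session ID.
 * $row uses the thread's column order: id, username, role, active flag.
 */
function establish_login_session(array $row): void
{
    // Regenerate on every successful login, not only for admins: logging in
    // is itself the privilege change that a pre-login ID must not survive.
    session_regenerate_id(true);       // true: delete the old ID's stored record
    $_SESSION['user_id']          = $row[0];
    $_SESSION['username']         = $row[1];
    $_SESSION['user_admin']       = ($row[2] === 'admin');
    $_SESSION['user_not_expired'] = ((int) $row[3] === 1);
}

session_start();
$_SESSION['cart'] = ['sku-1'];         // constructed pre-login data
$oldId   = session_id();
$oldFile = $dir . '/sess_' . $oldId;
$existedBefore = file_exists($oldFile);

establish_login_session([42, 'alice', 'admin', 1]);   // constructed row

clearstatcache();                      // file_exists() results are cached
$report = [
    'session ID changed'  => session_id() !== $oldId,
    'old file existed'    => $existedBefore,
    'old file deleted'    => !file_exists($oldFile),
    'pre-login data kept' => isset($_SESSION['cart']),
    'user_admin set'      => $_SESSION['user_admin'],
];
session_write_close();

// Output is deferred to here so nothing is printed before the session calls.
foreach ($report as $label => $value) {
    echo str_pad($label, 22), var_export($value, true), PHP_EOL;
}
array_map('unlink', glob($dir . '/*'));   // remove the demo session file
rmdir($dir);
```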
Archived
This topic is now archived and is closed to further replies.