I think that regenerateId() should take a parameter to set delete_old_session to false in session_regenerate_id(). I've already changed my code to do this.
Why do I think this should be done? Well, session_regenerate_id(true) deletes the old session ID, so if a user fires off requests to a site in quick succession, it is quite possible for their browser to write the new cookies too slowly or in the wrong order, and thus their session is lost. It is quite easy to recreate this situation with some simple code and then just hammer (or hold down) F5. You have to pick up some speed to recreate the issue, but it does occur randomly at normal speeds on a proper site (I think maybe the browser is slowed down much further by images or JavaScript or something).
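
The trade-off raised in the message above, as an added example (not code from the post or from Zend Framework): session_regenerate_id(false) avoids the lost-session race but leaves the old ID usable until it expires, so this version stamps the old session and accepts it only for a short window. The function names and the 10-second `GRACE_SECONDS` value are assumptions, and it relies on PHP 7.0 or later.

```php
<?php
// Added example: helper names and GRACE_SECONDS are hypothetical.

const GRACE_SECONDS = 10; // assumed allowance for requests already in flight

/**
 * Rotate the session ID but keep the old session readable for a short window.
 * In PHP 7.0+, session_regenerate_id(false) writes the current $_SESSION under
 * the old ID before switching, so the marker below lands in the old session.
 */
function rotate_session_id(): void
{
    $_SESSION['retired_at'] = time();  // stored with the OLD id
    session_regenerate_id(false);      // new id issued, old data kept
    unset($_SESSION['retired_at']);    // the NEW session is not retired
}

/**
 * Start the session. Returns false when the presented ID was retired
 * longer ago than the grace window, true otherwise.
 */
function start_session_with_grace(): bool
{
    session_start();
    if (!isset($_SESSION['retired_at'])) {
        return true;                   // current, non-retired session
    }
    if (time() - $_SESSION['retired_at'] <= GRACE_SECONDS) {
        // Late request that raced the cookie update: serve it from the old
        // data. Anything it writes stays in the retired session.
        return true;
    }
    // Retired ID replayed after the window: discard it instead of honouring it.
    $_SESSION = [];
    session_destroy();
    return false;
}

// Per-request usage. Call rotate_session_id() after login or any other
// privilege change, before any output is sent.
if (!start_session_with_grace()) {
    http_response_code(401);
    exit('Session expired, please sign in again.');
}
```

A request that arrives with a retired ID inside the window gets no new cookie from session_start(), so it does not overwrite the rotated cookie the browser is about to store.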
