Ok, I lied, that didn't fix anything. It seemed to but then I went to edit
Zend_Session and couldn't get it to work, so I went back to my test php and
it wasn't working there anymore either.
I'm sure there is a way to do this, perhaps every X requests or minutes is
best?
KyleMac wrote:
>
> I just realised a better fix for this. This seems (?) to do it:
>
> if (isset($_REQUEST[session_name()])) {
> session_regenerate_id(true);
> }
>
> Or with $_COOKIE if use only cookies is on. Basically, the todo under
> regenerateId() seems to be exactly this.
>
>
> KyleMac wrote:
>>
>> I think that regenerageId() should take a parameter to set
>> delete_old_session to false in session_regenerate_id(). I've already
>> changed my code to do this.
>>
>> Why do I think this should be done? Well, session_regenerate_id(true)
>> deletes the old session ID, so if a user fires off requests to a site in
>> quick succession, it is quite possible for their browser to write the new
>> cookies too slowly or in the wrong order and thus their session is lost.
>>
>> It is quite easy to recreate this situation with some simple code and
>> then just hammer (or old down) F5. You have to pick up some speed to
>> recreate the issue but it does occur randomly at normal speeds on a
>> proper site (I think maybe the browser is slowed down much further by
>> images or javascript or something).
>>
>
>
--
View this message in context:
http://www.nabble.com/Implement-Zend_Session%3A%3AregenerateId%28false%29--tf4681793s16154.html#a13384578
Sent from the Zend Framework mailing list archive at Nabble.com.
