Nicolas will answer you today. Short answer: we cannot remove the old session because an Ajax request can come in before the new session has been updated in the browser. So, you need to configure your session garbage collector properly.
Fabien -- Fabien Potencier Sensio CEO - symfony lead developer sensiolabs.com | symfony-project.com | aide-de-camp.org Tél: +33 1 40 99 80 80 [EMAIL PROTECTED] wrote: > Up ... > > Michael > > > On Sep 28, 10:40 am, "[EMAIL PROTECTED]" > <[EMAIL PROTECTED]> wrote: >> Please devs, >> >> i'd be pleased to hear a statement here. Because if the current >> implementation stays, i have to write my own regenerate() method (and >> many others), which updates the session id in the database. Again, the >> current revision leaves a session entry in the database, after >> creating a new one. >> >> The php function session_regenerate_id($destroy), with $destroy = true >> (to destroy the old session), works only for "file" based >> sessions.http://www.php.net/manual/en/function.session-regenerate-id.php#83842 >> >> There was an updateSessionId() method in one of the revisions before, >> which handled it correctly, but it was removed again. If you ever need >> a function for retrieving the current online users (from database >> sessions), you will also get the old unused sessions with the current >> symfony version (1.1, 1.2). >> >> Just a quick answer please, "It will stay" or "It will be fixed", and >> i can deal with it. >> >> Thank you very much, >> Michael >> >> On Sep 13, 12:15 pm, "[EMAIL PROTECTED]" >> >> <[EMAIL PROTECTED]> wrote: >>> Hi devs, hi Nicolas, >>> the current revisionhttp://trac.symfony-project.org/changeset/10589 >>> does not include the updateSessionId() method anymore. This is however >>> necessary because session_regenerate_id(TRUE) works only for file >>> sessions. If you use databasesession, you have to update thesession >>> id. If you don't, a newsessionis beeing inserted and the old is not >>> deleted, anytime the authentication changes. This is bad if you'd like >>> to query thesessiontable for active sessions ... >>> I'm sure there must be a reason for removing this method. In case i >>> missed it, sorry :o( But could somone explain why the oldsession >>> should stay in the database ... ? >>> Thanks in advance, >>> Michael Piecko > > > --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "symfony developers" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/symfony-devs?hl=en -~----------~----~----~----~------~----~------~--~---
