see http://trac.symfony-project.org/ticket/3927
or the discussion on the ML: http://groups.google.com/group/symfony-devs/browse_thread/thread/74cd126f733ef551 We cannot remove the old session because an Ajax request can come in before the new session has been updated in the browser. Fabien -- Fabien Potencier Sensio CEO - symfony lead developer sensiolabs.com | symfony-project.com | aide-de-camp.org Tél: +33 1 40 99 80 80 kiszl wrote: > Hi all, > > I see that sfBasicSecurityUser regenerates the session ID after > calling setAuthenticated and/or add/removeCredential. I understand > this is a security feature. > However I do not see the point of not deleting the old sessions (i.e. > calling session_regenerate_id with false). > If they were deleted, I could get the number of recent visitors by > counting active sessions in the table... > Can anybody enlighten me on this one ? > > Thank you, > Zoltan. > > > --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "symfony users" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/symfony-users?hl=en -~----------~----~----~----~------~----~------~--~---
