Hi! > Please read session_regenerate_id() example #2. > > Example #2 Avoiding lost session by session_regenerate_id()
In this example, why you do session_commit() in my_session_start()? There's no point in writing stale session. I also see no code that actually removes old sessions - is it by design? I am also not sure why this code messes with session.use_strict_mode - which user code is not supposed to do, this should be possible to do without doing that. In fact, thinking about it, I think the following can be done relatively easily: make session_regenerate_id(), if called with false, to put magic entries into old session that specify a) when it was regenerated and b) what was the new session ID. This would allow to implement example #2 in userspace much cleaner, and if we want to implement it further in session, we could add option to session_start to do so. But one could also use this data in your own session system if one wants to do it slightly differently. This still leaves the question of old sessions, but it's not new as session_regenerate_id(false) already exists and in general we have GC. -- Stas Malyshev smalys...@gmail.com -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
