ZF-8324: Zend_Session::regenerateId() always destroys the current session record, with no option not to
Description
Zend_Session::regenerateId() is basically a wrapper for PHP's session_regenerate_id(). However, the PHP function provides a boolean option for "Whether to delete the old associated session file or not. Defaults to FALSE." whereas the ZF wrapper defaults to true - and removes the option.
This has the effect of calling the session save handler's destroy() method whenever the session ID is reset. This may be fine if you're using files, but if you're using DB session storage like we are, you may not need or want your session rows to be deleted every time.
I'd like this to be an option, as PHP has it, rather than hardwired to what is the wrong setting for us and probably other users of DB session persistence as well.
Comments
Posted by Sylvain ADAM (scorpe51) on 2009-11-18T00:53:55.000+0000
I must say that I absolutely agree with this issue. I gave up on using regenerateId() for now as it was actually deleting the row on my database, making the user not viewable by himself at each page loading.
I might overload regenerateId() as I extended Zend_Session class and Zend_Session_SaveHandler_DbTable for my DB purposes.
Good point.
Posted by Sylvain ADAM (scorpe51) on 2009-11-18T01:19:44.000+0000
Ok... my bad, I have just figured out that Zend_Session had some private vars, which makes quite impossible to extend it!
Posted by Adam Lundrigan (adamlundrigan) on 2011-06-09T11:59:56.000+0000
Is this still an issue? I notice that regenerateId() still forces a delete on the old session, without ability to override that behavior.
Posted by Adam Lundrigan (adamlundrigan) on 2012-05-05T02:14:51.000+0000
At this late stage in ZFv1's lifecycle it is unlikely that we could fix this issue in a way which preserves backwards-compatibility. Closing as won't fix.