ZF-8324: Zend_Session::regenerateId() always destroys the current session record, with no option not to


Zend_Session::regenerateId() is basically a wrapper for PHP's session_regenerate_id(). However, the PHP function provides a boolean option for "Whether to delete the old associated session file or not. Defaults to FALSE." whereas the ZF wrapper defaults to true - and removes the option.

This has the effect of calling the session save handler's destroy() method whenever the session ID is reset. This may be fine if you're using files, but if you're using DB session storage like we are, you may not need or want your session rows to be deleted every time.

I'd like this to be an option, as PHP has it, rather than hardwired to what is the wrong setting for us and probably other users of DB session persistence as well.


I must say that I absolutely agree with this issue. I gave up on using regenerateId() for now as it was actually deleting the row on my database, making the user not viewable by himself at each page loading.

I might overload regenerateId() as I extended Zend_Session class and Zend_Session_SaveHandler_DbTable for my DB purposes.

Good point.

Ok... my bad, I have just figured out that Zend_Session had some private vars, which makes quite impossible to extend it!

Is this still an issue? I notice that regenerateId() still forces a delete on the old session, without ability to override that behavior.

At this late stage in ZFv1's lifecycle it is unlikely that we could fix this issue in a way which preserves backwards-compatibility. Closing as won't fix.