MENU
Edit
In Place Editing Advanced Editing

SessionManager::regenerate

public SessionManager::regenerate($destroy = FALSE, $lifetime = NULL)

Regenerates id that represents this storage.

This method must invoke session_regenerate_id($destroy) unless this interface is used for a storage object designed for unit or functional testing where a real PHP session would interfere with testing.

Note regenerate+destroy should not clear the session data in memory only delete the session data from persistent storage.

Care: When regenerating the session ID no locking is involved in PHP's session design. See https://bugs.php.net/bug.php?id=61470 for a discussion. So you must make sure the regenerated session is saved BEFORE sending the headers with the new ID. Symfony's HttpKernel offers a listener for this. See Symfony\Component\HttpKernel\EventListener\SaveSessionListener. Otherwise session data could get lost again for concurrent requests with the new ID. One result could be that you get logged out after just logging in.

Parameters

bool $destroy Destroy session when regenerating?:

int $lifetime Sets the cookie lifetime for the session cookie. A null value: will leave the system settings unchanged, 0 sets the cookie to expire with browser session. Time is in seconds, and is not a Unix timestamp.

Return value

bool True if session regenerated, false if error

Throws

\RuntimeException If an error occurs while regenerating this storage

Overrides NativeSessionStorage::regenerate

File

core/lib/Drupal/Core/Session/SessionManager.php, line 206

Class

SessionManager
Manages user sessions.

Namespace

Drupal\Core\Session

Code

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
public function regenerate($destroy = FALSE, $lifetime = NULL) {
  // Nothing to do if we are not allowed to change the session.
  if ($this->isCli()) {
    return;
  }
 
  // We do not support the optional $destroy and $lifetime parameters as long
  // as #2238561 remains open.
  if ($destroy || isset($lifetime)) {
    throw new \InvalidArgumentException('The optional parameters $destroy and $lifetime of SessionManager::regenerate() are not supported currently');
  }
 
  if ($this->isStarted()) {
    $old_session_id = $this->getId();
  }
  session_id(Crypt::randomBytesBase64());
 
  $this->getMetadataBag()->clearCsrfTokenSeed();
 
  if (isset($old_session_id)) {
    $params = session_get_cookie_params();
    $expire = $params['lifetime'] ? REQUEST_TIME + $params['lifetime'] : 0;
    setcookie($this->getName(), $this->getId(), $expire, $params['path'], $params['domain'], $params['secure'], $params['httponly']);
    $this->migrateStoredSession($old_session_id);
  }
 
  if (!$this->isStarted()) {
    // Start the session when it doesn't exist yet.
    $this->startNow();
  }
}
doc_Drupal
doc_Drupal
2025-01-10 15:47:30
Comments
Leave a Comment

Please login to continue.