session_regenerate_id() old data not copied to new session ID

In PHP I’m using MySQL with Memcached backend for storing session information. Every few minutes I need to regenerate the session ID to prevent replay attack. However when using session_regenerate_id(true), sometimes session data from old ID are not copied to the new regenerated ID. Therefore everytime when the session regenerated, I’ll be logged out if I’m currently logged in to the web app.

To fix it, I need to regenerate the ID without deleting the old data, flush the session data into database, stop then restart the session with new ID

session_regenerate_id();
$new_sess_id = session_id();

// this enable the backend to write the session data to backend storage
$this->data_changed = true; 

// this will call the write() function to save session data to backend
session_write_close(); 

session_id($new_sess_id);
session_start();
Share this...
Share on FacebookTweet about this on TwitterShare on Google+Share on LinkedInPin on Pinterest

Leave a Reply

Your email address will not be published. Required fields are marked *