summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorAndrey Andreev <narf@devilix.net>2015-02-07 18:30:30 +0100
committerAndrey Andreev <narf@devilix.net>2015-02-07 18:30:30 +0100
commit789b1fe3e78f59cdb35ac5e6cf7166f6b97436c7 (patch)
tree43a64b6b9fd29d7934f4bd423a2fe7e13b791574
parentcb28c896fe883a373a906d5c6ef8c71c0b2ae999 (diff)
Add 'sess_regenerate_destroy' setting
-rw-r--r--application/config/config.php7
-rw-r--r--system/libraries/Session/Session.php2
-rw-r--r--user_guide_src/source/libraries/sessions.rst30
3 files changed, 24 insertions, 15 deletions
diff --git a/application/config/config.php b/application/config/config.php
index 1e399590b..5b60ae92a 100644
--- a/application/config/config.php
+++ b/application/config/config.php
@@ -344,6 +344,12 @@ $config['encryption_key'] = '';
|
| How many seconds between CI regenerating the session ID.
|
+| 'sess_regenerate_delete'
+|
+| Whether to destroy session data associated with the old session ID
+| when auto-regenerating the session ID. When set to FALSE, the data
+| will be later deleted by the garbage collector.
+|
| Other session cookie settings are shared with the rest of the application,
| except for 'cookie_prefix' and 'cookie_httponly', which are ignored here.
|
@@ -354,6 +360,7 @@ $config['sess_expiration'] = 7200;
$config['sess_save_path'] = NULL;
$config['sess_match_ip'] = FALSE;
$config['sess_time_to_update'] = 300;
+$config['sess_regenerate_destroy'] = FALSE;
/*
|--------------------------------------------------------------------------
diff --git a/system/libraries/Session/Session.php b/system/libraries/Session/Session.php
index ba1919b44..de9b1e829 100644
--- a/system/libraries/Session/Session.php
+++ b/system/libraries/Session/Session.php
@@ -153,7 +153,7 @@ class CI_Session {
}
elseif ($_SESSION['__ci_last_regenerate'] < (time() - $regenerate_time))
{
- $this->sess_regenerate(FALSE);
+ $this->sess_regenerate((bool) config_item('sess_regenerate_destroy'));
}
}
// Another work-around ... PHP doesn't seem to send the session cookie
diff --git a/user_guide_src/source/libraries/sessions.rst b/user_guide_src/source/libraries/sessions.rst
index e2780683f..c8a1f1925 100644
--- a/user_guide_src/source/libraries/sessions.rst
+++ b/user_guide_src/source/libraries/sessions.rst
@@ -433,20 +433,22 @@ all of the options and their effects.
You'll find the following Session related preferences in your
**application/config/config.php** file:
-======================== =============== ======================================== ============================================================================================
-Preference Default Options Description
-======================== =============== ======================================== ============================================================================================
-**sess_driver** files files/database/redis/memcached/*custom* The session storage driver to use.
-**sess_cookie_name** ci_session [A-Za-z\_-] characters only The name used for the session cookie.
-**sess_expiration** 7200 (2 hours) Time in seconds (integer) The number of seconds you would like the session to last.
- If you would like a non-expiring session (until browser is closed) set the value to zero: 0
-**sess_save_path** NULL None Specifies the storage location, depends on the driver being used.
-**sess_time_to_update** 300 Time in seconds (integer) This option controls how often the session class will regenerate itself and create a new
- session ID. Setting it to 0 will disable session ID regeneration.
-**sess_match_ip** FALSE TRUE/FALSE (boolean) Whether to validate the user's IP address when reading the session cookie.
- Note that some ISPs dynamically changes the IP, so if you want a non-expiring session you
- will likely set this to FALSE.
-======================== =============== ======================================== ============================================================================================
+============================ =============== ======================================== ============================================================================================
+Preference Default Options Description
+============================ =============== ======================================== ============================================================================================
+**sess_driver** files files/database/redis/memcached/*custom* The session storage driver to use.
+**sess_cookie_name** ci_session [A-Za-z\_-] characters only The name used for the session cookie.
+**sess_expiration** 7200 (2 hours) Time in seconds (integer) The number of seconds you would like the session to last.
+ If you would like a non-expiring session (until browser is closed) set the value to zero: 0
+**sess_save_path** NULL None Specifies the storage location, depends on the driver being used.
+**sess_match_ip** FALSE TRUE/FALSE (boolean) Whether to validate the user's IP address when reading the session cookie.
+ Note that some ISPs dynamically changes the IP, so if you want a non-expiring session you
+ will likely set this to FALSE.
+**sess_time_to_update** 300 Time in seconds (integer) This option controls how often the session class will regenerate itself and create a new
+ session ID. Setting it to 0 will disable session ID regeneration.
+**sess_regenerate_destroy** FALSE TRUE/FALSE (boolean) Whether to destroy session data associated with the old session ID when auto-regenerating
+ the session ID. When set to FALSE, the data will be later deleted by the garbage collector.
+============================ =============== ======================================== ============================================================================================
.. note:: As a last resort, the Session library will try to fetch PHP's
session related INI settings, as well as legacy CI settings such as