summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorAndrey Andreev <narf@devilix.net>2014-11-04 10:08:06 +0100
committerAndrey Andreev <narf@devilix.net>2014-11-04 10:08:06 +0100
commit8e60b9a40a01a021e865b24e7d709e9e6ede0beb (patch)
tree5aa73a5224a6215fdde61de3033695e6ea87877f
parent72a1ddb93873284ea28dbf8cb201b2ef52d947b8 (diff)
#3073 (feature/session): Implement automatic ID regeneration
-rw-r--r--system/libraries/Session/Session.php15
1 files changed, 13 insertions, 2 deletions
diff --git a/system/libraries/Session/Session.php b/system/libraries/Session/Session.php
index 7908badf8..f250c3d64 100644
--- a/system/libraries/Session/Session.php
+++ b/system/libraries/Session/Session.php
@@ -122,9 +122,20 @@ class CI_Session {
session_start();
+ if (($regenerate_time = config_item('sess_time_to_update')) > 0)
+ {
+ if ( ! isset($_SESSION['__ci_last_regenerate']))
+ {
+ $_SESSION['__ci_last_regenerate'] = time();
+ }
+ elseif ($_SESSION['__ci_last_regenerate'] < (time() - $regenerate_time))
+ {
+ $this->sess_regenerate(FALSE);
+ }
+ }
// Another work-around ... PHP doesn't seem to send the session cookie
// unless it is being currently created or regenerated
- if (isset($_COOKIE[$this->_config['cookie_name']]) && $_COOKIE[$this->_config['cookie_name']] === session_id())
+ elseif (isset($_COOKIE[$this->_config['cookie_name']]) && $_COOKIE[$this->_config['cookie_name']] === session_id())
{
setcookie(
$this->_config['cookie_name'],
@@ -138,7 +149,6 @@ class CI_Session {
}
$this->_ci_init_vars();
-
/*
Need to test if this is necessary for a custom driver or if it's only
relevant to PHP's own files handler.
@@ -584,6 +594,7 @@ class CI_Session {
*/
public function sess_regenerate($destroy = FALSE)
{
+ $_SESSION['__ci_last_regenerate'] = time();
session_regenerate_id($destroy);
}