diff options
author | Andrey Andreev <narf@devilix.net> | 2014-11-04 10:08:06 +0100 |
---|---|---|
committer | Andrey Andreev <narf@devilix.net> | 2014-11-04 10:08:06 +0100 |
commit | 8e60b9a40a01a021e865b24e7d709e9e6ede0beb (patch) | |
tree | 5aa73a5224a6215fdde61de3033695e6ea87877f /system/libraries/Session/Session.php | |
parent | 72a1ddb93873284ea28dbf8cb201b2ef52d947b8 (diff) |
#3073 (feature/session): Implement automatic ID regeneration
Diffstat (limited to 'system/libraries/Session/Session.php')
-rw-r--r-- | system/libraries/Session/Session.php | 15 |
1 files changed, 13 insertions, 2 deletions
diff --git a/system/libraries/Session/Session.php b/system/libraries/Session/Session.php index 7908badf8..f250c3d64 100644 --- a/system/libraries/Session/Session.php +++ b/system/libraries/Session/Session.php @@ -122,9 +122,20 @@ class CI_Session { session_start(); + if (($regenerate_time = config_item('sess_time_to_update')) > 0) + { + if ( ! isset($_SESSION['__ci_last_regenerate'])) + { + $_SESSION['__ci_last_regenerate'] = time(); + } + elseif ($_SESSION['__ci_last_regenerate'] < (time() - $regenerate_time)) + { + $this->sess_regenerate(FALSE); + } + } // Another work-around ... PHP doesn't seem to send the session cookie // unless it is being currently created or regenerated - if (isset($_COOKIE[$this->_config['cookie_name']]) && $_COOKIE[$this->_config['cookie_name']] === session_id()) + elseif (isset($_COOKIE[$this->_config['cookie_name']]) && $_COOKIE[$this->_config['cookie_name']] === session_id()) { setcookie( $this->_config['cookie_name'], @@ -138,7 +149,6 @@ class CI_Session { } $this->_ci_init_vars(); - /* Need to test if this is necessary for a custom driver or if it's only relevant to PHP's own files handler. @@ -584,6 +594,7 @@ class CI_Session { */ public function sess_regenerate($destroy = FALSE) { + $_SESSION['__ci_last_regenerate'] = time(); session_regenerate_id($destroy); } |