#3073 (feature/session): Don't regenerate IDs on AJAX requests

author: Andrey Andreev <narf@devilix.net> 2014-11-04 11:28:57 +0100
committer: Andrey Andreev <narf@devilix.net> 2014-11-04 11:28:57 +0100
commit: ff37ffe164443e53b24d529f967a1bdf065bff3a (patch)
tree: ad2d32848d386ea3675928869b4527ae48df0f46 /system/libraries/Session
parent: 8e60b9a40a01a021e865b24e7d709e9e6ede0beb (diff)
1 files changed, 5 insertions, 1 deletions
diff --git a/system/libraries/Session/Session.php b/system/libraries/Session/Session.php
index f250c3d64..bf11cd181 100644
--- a/system/libraries/Session/Session.php
+++ b/system/libraries/Session/Session.php
@@ -122,7 +122,11 @@ class CI_Session {
 
 		session_start();
 
-		if (($regenerate_time = config_item('sess_time_to_update')) > 0)
+		// Is session ID auto-regeneration configured? (ignoring ajax requests)
+		if ( ! empty($_SERVER['HTTP_X_REQUESTED_WITH'])
+			&& strtolower($_SERVER['HTTP_X_REQUESTED_WITH']) === 'xmlhttprequest'
+			&& $regenerate_time = config_item('sess_time_to_update')) > 0
+		)
 		{
 			if ( ! isset($_SESSION['__ci_last_regenerate']))
 			{
author	Andrey Andreev <narf@devilix.net>	2014-11-04 11:28:57 +0100
committer	Andrey Andreev <narf@devilix.net>	2014-11-04 11:28:57 +0100
commit	ff37ffe164443e53b24d529f967a1bdf065bff3a (patch)
tree	ad2d32848d386ea3675928869b4527ae48df0f46 /system/libraries/Session
parent	8e60b9a40a01a021e865b24e7d709e9e6ede0beb (diff)