From 789b1fe3e78f59cdb35ac5e6cf7166f6b97436c7 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Sat, 7 Feb 2015 19:30:30 +0200 Subject: Add 'sess_regenerate_destroy' setting --- application/config/config.php | 7 +++++++ system/libraries/Session/Session.php | 2 +- user_guide_src/source/libraries/sessions.rst | 30 +++++++++++++++------------- 3 files changed, 24 insertions(+), 15 deletions(-) diff --git a/application/config/config.php b/application/config/config.php index 1e399590b..5b60ae92a 100644 --- a/application/config/config.php +++ b/application/config/config.php @@ -344,6 +344,12 @@ $config['encryption_key'] = ''; | | How many seconds between CI regenerating the session ID. | +| 'sess_regenerate_delete' +| +| Whether to destroy session data associated with the old session ID +| when auto-regenerating the session ID. When set to FALSE, the data +| will be later deleted by the garbage collector. +| | Other session cookie settings are shared with the rest of the application, | except for 'cookie_prefix' and 'cookie_httponly', which are ignored here. | @@ -354,6 +360,7 @@ $config['sess_expiration'] = 7200; $config['sess_save_path'] = NULL; $config['sess_match_ip'] = FALSE; $config['sess_time_to_update'] = 300; +$config['sess_regenerate_destroy'] = FALSE; /* |-------------------------------------------------------------------------- diff --git a/system/libraries/Session/Session.php b/system/libraries/Session/Session.php index ba1919b44..de9b1e829 100644 --- a/system/libraries/Session/Session.php +++ b/system/libraries/Session/Session.php @@ -153,7 +153,7 @@ class CI_Session { } elseif ($_SESSION['__ci_last_regenerate'] < (time() - $regenerate_time)) { - $this->sess_regenerate(FALSE); + $this->sess_regenerate((bool) config_item('sess_regenerate_destroy')); } } // Another work-around ... PHP doesn't seem to send the session cookie diff --git a/user_guide_src/source/libraries/sessions.rst b/user_guide_src/source/libraries/sessions.rst index e2780683f..c8a1f1925 100644 --- a/user_guide_src/source/libraries/sessions.rst +++ b/user_guide_src/source/libraries/sessions.rst @@ -433,20 +433,22 @@ all of the options and their effects. You'll find the following Session related preferences in your **application/config/config.php** file: -======================== =============== ======================================== ============================================================================================ -Preference Default Options Description -======================== =============== ======================================== ============================================================================================ -**sess_driver** files files/database/redis/memcached/*custom* The session storage driver to use. -**sess_cookie_name** ci_session [A-Za-z\_-] characters only The name used for the session cookie. -**sess_expiration** 7200 (2 hours) Time in seconds (integer) The number of seconds you would like the session to last. - If you would like a non-expiring session (until browser is closed) set the value to zero: 0 -**sess_save_path** NULL None Specifies the storage location, depends on the driver being used. -**sess_time_to_update** 300 Time in seconds (integer) This option controls how often the session class will regenerate itself and create a new - session ID. Setting it to 0 will disable session ID regeneration. -**sess_match_ip** FALSE TRUE/FALSE (boolean) Whether to validate the user's IP address when reading the session cookie. - Note that some ISPs dynamically changes the IP, so if you want a non-expiring session you - will likely set this to FALSE. -======================== =============== ======================================== ============================================================================================ +============================ =============== ======================================== ============================================================================================ +Preference Default Options Description +============================ =============== ======================================== ============================================================================================ +**sess_driver** files files/database/redis/memcached/*custom* The session storage driver to use. +**sess_cookie_name** ci_session [A-Za-z\_-] characters only The name used for the session cookie. +**sess_expiration** 7200 (2 hours) Time in seconds (integer) The number of seconds you would like the session to last. + If you would like a non-expiring session (until browser is closed) set the value to zero: 0 +**sess_save_path** NULL None Specifies the storage location, depends on the driver being used. +**sess_match_ip** FALSE TRUE/FALSE (boolean) Whether to validate the user's IP address when reading the session cookie. + Note that some ISPs dynamically changes the IP, so if you want a non-expiring session you + will likely set this to FALSE. +**sess_time_to_update** 300 Time in seconds (integer) This option controls how often the session class will regenerate itself and create a new + session ID. Setting it to 0 will disable session ID regeneration. +**sess_regenerate_destroy** FALSE TRUE/FALSE (boolean) Whether to destroy session data associated with the old session ID when auto-regenerating + the session ID. When set to FALSE, the data will be later deleted by the garbage collector. +============================ =============== ======================================== ============================================================================================ .. note:: As a last resort, the Session library will try to fetch PHP's session related INI settings, as well as legacy CI settings such as -- cgit v1.2.3-24-g4f1b