From 395f92882afada9701ab2384772ce331ae9b3f9d Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Thu, 5 Feb 2015 13:29:56 +0200 Subject: [ci skip] Fix a bug where session IDs are not regenerated Reported via the forums: http://forum.codeigniter.com/thread-996.html --- system/libraries/Session/Session.php | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) (limited to 'system/libraries/Session/Session.php') diff --git a/system/libraries/Session/Session.php b/system/libraries/Session/Session.php index 2551e54e9..ba1919b44 100644 --- a/system/libraries/Session/Session.php +++ b/system/libraries/Session/Session.php @@ -143,8 +143,7 @@ class CI_Session { session_start(); // Is session ID auto-regeneration configured? (ignoring ajax requests) - if ( ! empty($_SERVER['HTTP_X_REQUESTED_WITH']) - && strtolower($_SERVER['HTTP_X_REQUESTED_WITH']) === 'xmlhttprequest' + if ((empty($_SERVER['HTTP_X_REQUESTED_WITH']) OR strtolower($_SERVER['HTTP_X_REQUESTED_WITH']) !== 'xmlhttprequest') && ($regenerate_time = config_item('sess_time_to_update')) > 0 ) { -- cgit v1.2.3-24-g4f1b From 789b1fe3e78f59cdb35ac5e6cf7166f6b97436c7 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Sat, 7 Feb 2015 19:30:30 +0200 Subject: Add 'sess_regenerate_destroy' setting --- system/libraries/Session/Session.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'system/libraries/Session/Session.php') diff --git a/system/libraries/Session/Session.php b/system/libraries/Session/Session.php index ba1919b44..de9b1e829 100644 --- a/system/libraries/Session/Session.php +++ b/system/libraries/Session/Session.php @@ -153,7 +153,7 @@ class CI_Session { } elseif ($_SESSION['__ci_last_regenerate'] < (time() - $regenerate_time)) { - $this->sess_regenerate(FALSE); + $this->sess_regenerate((bool) config_item('sess_regenerate_destroy')); } } // Another work-around ... PHP doesn't seem to send the session cookie -- cgit v1.2.3-24-g4f1b