From 8e60b9a40a01a021e865b24e7d709e9e6ede0beb Mon Sep 17 00:00:00 2001
From: Andrey Andreev <narf@devilix.net>
Date: Tue, 4 Nov 2014 11:08:06 +0200
Subject: #3073 (feature/session): Implement automatic ID regeneration

---
 system/libraries/Session/Session.php | 15 +++++++++++++--
 1 file changed, 13 insertions(+), 2 deletions(-)

(limited to 'system/libraries')

diff --git a/system/libraries/Session/Session.php b/system/libraries/Session/Session.php
index 7908badf8..f250c3d64 100644
--- a/system/libraries/Session/Session.php
+++ b/system/libraries/Session/Session.php
@@ -122,9 +122,20 @@ class CI_Session {
 
 		session_start();
 
+		if (($regenerate_time = config_item('sess_time_to_update')) > 0)
+		{
+			if ( ! isset($_SESSION['__ci_last_regenerate']))
+			{
+				$_SESSION['__ci_last_regenerate'] = time();
+			}
+			elseif ($_SESSION['__ci_last_regenerate'] < (time() - $regenerate_time))
+			{
+				$this->sess_regenerate(FALSE);
+			}
+		}
 		// Another work-around ... PHP doesn't seem to send the session cookie
 		// unless it is being currently created or regenerated
-		if (isset($_COOKIE[$this->_config['cookie_name']]) && $_COOKIE[$this->_config['cookie_name']] === session_id())
+		elseif (isset($_COOKIE[$this->_config['cookie_name']]) && $_COOKIE[$this->_config['cookie_name']] === session_id())
 		{
 			setcookie(
 				$this->_config['cookie_name'],
@@ -138,7 +149,6 @@ class CI_Session {
 		}
 
 		$this->_ci_init_vars();
-
 /*
 		Need to test if this is necessary for a custom driver or if it's only
 		relevant to PHP's own files handler.
@@ -584,6 +594,7 @@ class CI_Session {
 	 */
 	public function sess_regenerate($destroy = FALSE)
 	{
+		$_SESSION['__ci_last_regenerate'] = time();
 		session_regenerate_id($destroy);
 	}
 
-- 
cgit v1.2.3-24-g4f1b