Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:73202 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 56493 invoked from network); 17 Mar 2014 02:23:21 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 17 Mar 2014 02:23:21 -0000 Authentication-Results: pb1.pair.com header.from=yohgaki@gmail.com; sender-id=pass Authentication-Results: pb1.pair.com smtp.mail=yohgaki@gmail.com; spf=pass; sender-id=pass Received-SPF: pass (pb1.pair.com: domain gmail.com designates 209.85.215.53 as permitted sender) X-PHP-List-Original-Sender: yohgaki@gmail.com X-Host-Fingerprint: 209.85.215.53 mail-la0-f53.google.com Received: from [209.85.215.53] ([209.85.215.53:53615] helo=mail-la0-f53.google.com) by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP id 4C/84-20890-59C56235 for ; Sun, 16 Mar 2014 21:23:19 -0500 Received: by mail-la0-f53.google.com with SMTP id b8so3217909lan.40 for ; Sun, 16 Mar 2014 19:23:15 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:in-reply-to:references:from:date:message-id :subject:to:cc:content-type; bh=28YbXGjCg4URciMPYd1Dq8YIzb97vCALTLAsi/8kYR8=; b=aprN2mn87Q94JUnY7gQGTOQWiFj96AWsfXvb8w5270qbK1NNgk8RN+069+86+8SkHj ZtYtUyUD6MapTcWD/nAX7JW/PSX1zheqkDrzqgBzDK1cnFSET+Z1goXZZYZiomX+bDxa X4wdHTfHVruikAbLc4CLTHBJrqvwVAabPLKmuzLP/+wXW1ncXHJ69ZQwHj/ADp6KzsfL EvCXkkHtRZ4crklX5QmrYVKtni6vj3P9ue9c79RljIyIy6NUHfgrlzRAFWQjnf8VBGCZ xnScfTX+Uon/AForJKKPy7k2q30VGmtAP9ebP+cXo6t+CGTDtHeFGnJhQxyGNyTwAc70 KR/Q== X-Received: by 10.112.205.5 with SMTP id lc5mr17503lbc.40.1395022994989; Sun, 16 Mar 2014 19:23:14 -0700 (PDT) MIME-Version: 1.0 Sender: yohgaki@gmail.com Received: by 10.112.205.73 with HTTP; Sun, 16 Mar 2014 19:22:34 -0700 (PDT) In-Reply-To: References: <20140314074112.GB26909@mail> <20140314110326.GA80300@mail> <20140316085339.GA92540@mail> Date: Mon, 17 Mar 2014 11:22:34 +0900 X-Google-Sender-Auth: cPa0Ph1Dv6b_1fXKkEmXm9j3aPY Message-ID: To: Mateusz Kocielski Cc: "internals@lists.php.net" Content-Type: multipart/alternative; boundary=001a11c3ce3211e5e604f4c41af2 Subject: Re: [PHP-DEV] Solution for session_regenerate_id() issues From: yohgaki@ohgaki.net (Yasuo Ohgaki) --001a11c3ce3211e5e604f4c41af2 Content-Type: text/plain; charset=UTF-8 On Mon, Mar 17, 2014 at 11:15 AM, Yasuo Ohgaki wrote: > // ** set timeout flag ** > if ($_SESSION['LAST_REGENERATE'] < time() + 600) { > $_SESSION['VALID_UNTIL'] = time() + 60; // Shorter is better, but rather > large value is set for lost radio/hand over/etc. Old session is allowed to > use as valid session for 60 seconds. > session_commit(); // Need to save above data in old session. > session_start(); > $_SESSION['LAST_REGENERATE'] = time(); // Update regenerate time here. > session_regenerate_id(); // New session ID and old session data with old > session ID is left > unset($_SESSION['VALID_UNTIL']; // This session should not be deleted > later. > } > BTW, $_SESSION['LAST_REGENERATE'] = time(); // Update regenerate time here. This is bad code for new session save handler. This should be $_SESSION['NEXT_REGENERATE'] = time()+600; // Update regenerate time here. This way, unneeded session data writes can be avoided. Regards, -- Yasuo Ohgaki yohgaki@ohgaki.net --001a11c3ce3211e5e604f4c41af2--