session_regenerate_id

PHP 4 >= 4.3.2, PHP 5, PHP 7, PHP 8
session_regenerate_id - Update the current session id with a newly generated one
Manual
Code Examples

session_regenerate_id( [bool$delete_old_session = false] ): bool

session_regenerate_id will replace the current session id with a new one, and keep the current session information.

When session.use_trans_sid is enabled, output must be started after session_regenerate_id call. Otherwise, old session ID is used.

Warning:

Currently, session_regenerate_id does not handle an unstable network well, e.g. Mobile and WiFi network. Therefore, you may experience a lost session by calling session_regenerate_id.

You should not destroy old session data immediately, but should use destroy time-stamp and control access to old session ID. Otherwise, concurrent access to page may result in inconsistent state, or you may have lost session, or it may cause client(browser) side race condition and may create many session ID needlessly. Immediate session data deletion disables session hijack attack detection and prevention also.

Parameters

delete_old_session

Whether to delete the old associated session file or not. You should not delete old session if you need to avoid races caused by deletion or detect/avoid session hijack attacks.

Return Values

Returns true on success or false on failure.

Related Functions

Example of session_regenerate_id

Show all examples for session_regenerate_id

PHP Version: