Differences

This shows you the differences between two versions of the page.

--- v5:session:reference:adodb_session_regenerate_id [2016/05/22 00:57] – created mnewnham
+++ v5:session:reference:adodb_session_regenerate_id [2016/05/22 17:22] – mnewnham
@@ Line 10: / Line 10: @@
 ===== Description =======
 Since PHP V4.21, this function has simply been a wrapper for the PHP function [[http://php.net/manual/en/function.session-regenerate-id.php|session_regenerate_id()]] .
-=====Usage=====
-<code php>
-include_once 'adodb/adodb.inc.php';
+===== Session Cookie Regeneration =====
-include_once "adodb/session/adodb-session2.php";
+The method ''adodb_session_regenerate_id()'' will dynamically change the current session id with a newly generated one and update database. This currently only works with cookies. Useful to improve security by reducing the risk of session-hijacking. See this article on Session Fixation for more info on the theory behind this feature.
+=====Usage=====
+<code php>
+include 'adodb/adodb-session2.php';
 ADODB_session::config($driver,$host,$user,$pass,$database);
+session_start();
+/*
+* Approximately every 10 page loads, reset cookie for safety.
+* This is extremely simplistic example, better
+* to regenerate only when the user logs in or changes
+* user privilege levels.
+*/
+if ((rand()%10) == 0)
+    adodb_session_regenerate_id();
+</code>
-$_SESSION['key1'] = 'value1';
-$_SESSION['key2']['sub1'] = 'subvalue1';
-$_SESSION['key2']['sub2'] = 'subvalue2';
-adodb_session_regenerate_id;
-</code>