Handling session_regenerate_id() in AJAX requests

I want to protect my application a bit, especially I want to improve the way sessions are handled. So, at this moment I know a few facts:

  • session_regenerate_id(false) does not destroy the old session
  • session_regenerate_id(true) destroys the old session. With a normal page reload, there is nothing wrong with using session_regenerate_id(true).

However, when creating dozens of concurrent AJAX requests, there may be a problem that leads to the "object destruction failed" error message.

So there is nothing left to do but use session_regenerate_id(false) in the AJAX request.

But you need to somehow note the previous obsolete sessions, which become obsolete as a result of calling session_regenerate_id(false), as “zombie” sessions that will be destroyed in some way and will not mutate the sessions folder.

I need some practical advice on how to implement this.

+5
1 answer

All session cleanup, including with regenerated identifiers, is handled by the PHP session garbage collector. When calling session_regenerate_id(false), nothing special is needed to delete old sessions from the repository.

The PHP settings for session.gc_probability, session.gc_divisor and session.gc_maxlifetime apply.

You can also start cleaning up your session storage based on the last access time.

0
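
The cleanup by last access time that the answer mentions, as an added example that is not part of the original answer: a shell function for a cron job that removes session files whose modification time is older than the lifetime, which is the same comparison PHP's file-based garbage collector makes. It assumes the default `files` save handler (files named `sess_<id>`); the function names, the sample directory and its files are constructed for illustration, and 1440 seconds is PHP's default session.gc_maxlifetime.

```shell
#!/bin/sh
# Added example: purge PHP file-based sessions by last modification time.

# purge_stale_sessions DIR LIFETIME_SECONDS [dry-run]
# Prints how many session files were (or, in dry-run mode, would be) removed.
purge_stale_sessions() {
    dir=$1 lifetime=$2 mode=${3:-delete}
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 1; }
    case $lifetime in
        ''|*[!0-9]*) echo "lifetime must be whole seconds" >&2; return 1 ;;
    esac
    # find -mmin counts whole minutes; round up so nothing is removed early.
    minutes=$(( (lifetime + 59) / 60 ))
    if [ "$mode" = dry-run ]; then
        set -- -print
    else
        set -- -print -delete
    fi
    # -type f skips symlinks and subdirectories; -name limits the match to
    # session files so unrelated files in the directory are never touched.
    find "$dir" -maxdepth 1 -type f -name 'sess_*' -mmin "+$minutes" "$@" \
        | wc -l | tr -d ' '
}

# Constructed sample data: two "zombie" sessions left behind by
# session_regenerate_id(false), one live session and one unrelated file.
make_sample_dir() {
    d=$(mktemp -d) || return 1
    touch -t 200001010000 "$d/sess_zombie1" "$d/sess_zombie2" "$d/keep.txt"
    touch "$d/sess_live"
    echo "$d"
}

# Demo run against the constructed directory (1440 s = PHP default lifetime).
sample=$(make_sample_dir)
echo "would remove: $(purge_stale_sessions "$sample" 1440 dry-run)"
echo "removed:      $(purge_stale_sessions "$sample" 1440)"
rm -rf "$sample"
```

In a cron job, pass the directory from session.save_path and the value of session.gc_maxlifetime, and run it as the user that owns the session files.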