function SessionManager::regenerate
Same name in other branches
- 9 core/lib/Drupal/Core/Session/SessionManager.php \Drupal\Core\Session\SessionManager::regenerate()
- 8.9.x core/lib/Drupal/Core/Session/SessionManager.php \Drupal\Core\Session\SessionManager::regenerate()
- 11.x core/lib/Drupal/Core/Session/SessionManager.php \Drupal\Core\Session\SessionManager::regenerate()
File
-
core/
lib/ Drupal/ Core/ Session/ SessionManager.php, line 205
Class
- SessionManager
- Manages user sessions.
Namespace
Drupal\Core\SessionCode
public function regenerate($destroy = FALSE, $lifetime = NULL) : bool {
// Nothing to do if we are not allowed to change the session.
if ($this->isCli()) {
return FALSE;
}
// Drupal will always destroy the existing session when regenerating a
// session. This is inline with the recommendations of @link https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#renew-the-session-id-after-any-privilege-level-change
// OWASP session management cheat sheet. @endlink
$destroy = TRUE;
// Cannot regenerate the session ID for non-active sessions.
if (\PHP_SESSION_ACTIVE !== session_status()) {
// Ensure the metadata bag has been stamped. If the parent::regenerate()
// is called prior to the session being started it will not refresh the
// metadata as expected.
$this->getMetadataBag()
->stampNew($lifetime);
return FALSE;
}
return parent::regenerate($destroy, $lifetime);
}
Buggy or inaccurate documentation? Please file an issue. Need support? Need help programming? Connect with the Drupal community.