Add 'sess_regenerate_destroy' setting
diff --git a/application/config/config.php b/application/config/config.php
index 1e39959..5b60ae9 100644
--- a/application/config/config.php
+++ b/application/config/config.php
@@ -344,6 +344,12 @@
|
| How many seconds between CI regenerating the session ID.
|
+| 'sess_regenerate_delete'
+|
+| Whether to destroy session data associated with the old session ID
+| when auto-regenerating the session ID. When set to FALSE, the data
+| will be later deleted by the garbage collector.
+|
| Other session cookie settings are shared with the rest of the application,
| except for 'cookie_prefix' and 'cookie_httponly', which are ignored here.
|
@@ -354,6 +360,7 @@
$config['sess_save_path'] = NULL;
$config['sess_match_ip'] = FALSE;
$config['sess_time_to_update'] = 300;
+$config['sess_regenerate_destroy'] = FALSE;
/*
|--------------------------------------------------------------------------
diff --git a/system/libraries/Session/Session.php b/system/libraries/Session/Session.php
index ba1919b..de9b1e8 100644
--- a/system/libraries/Session/Session.php
+++ b/system/libraries/Session/Session.php
@@ -153,7 +153,7 @@
}
elseif ($_SESSION['__ci_last_regenerate'] < (time() - $regenerate_time))
{
- $this->sess_regenerate(FALSE);
+ $this->sess_regenerate((bool) config_item('sess_regenerate_destroy'));
}
}
// Another work-around ... PHP doesn't seem to send the session cookie
diff --git a/user_guide_src/source/libraries/sessions.rst b/user_guide_src/source/libraries/sessions.rst
index e278068..c8a1f19 100644
--- a/user_guide_src/source/libraries/sessions.rst
+++ b/user_guide_src/source/libraries/sessions.rst
@@ -433,20 +433,22 @@
You'll find the following Session related preferences in your
**application/config/config.php** file:
-======================== =============== ======================================== ============================================================================================
-Preference Default Options Description
-======================== =============== ======================================== ============================================================================================
-**sess_driver** files files/database/redis/memcached/*custom* The session storage driver to use.
-**sess_cookie_name** ci_session [A-Za-z\_-] characters only The name used for the session cookie.
-**sess_expiration** 7200 (2 hours) Time in seconds (integer) The number of seconds you would like the session to last.
- If you would like a non-expiring session (until browser is closed) set the value to zero: 0
-**sess_save_path** NULL None Specifies the storage location, depends on the driver being used.
-**sess_time_to_update** 300 Time in seconds (integer) This option controls how often the session class will regenerate itself and create a new
- session ID. Setting it to 0 will disable session ID regeneration.
-**sess_match_ip** FALSE TRUE/FALSE (boolean) Whether to validate the user's IP address when reading the session cookie.
- Note that some ISPs dynamically changes the IP, so if you want a non-expiring session you
- will likely set this to FALSE.
-======================== =============== ======================================== ============================================================================================
+============================ =============== ======================================== ============================================================================================
+Preference Default Options Description
+============================ =============== ======================================== ============================================================================================
+**sess_driver** files files/database/redis/memcached/*custom* The session storage driver to use.
+**sess_cookie_name** ci_session [A-Za-z\_-] characters only The name used for the session cookie.
+**sess_expiration** 7200 (2 hours) Time in seconds (integer) The number of seconds you would like the session to last.
+ If you would like a non-expiring session (until browser is closed) set the value to zero: 0
+**sess_save_path** NULL None Specifies the storage location, depends on the driver being used.
+**sess_match_ip** FALSE TRUE/FALSE (boolean) Whether to validate the user's IP address when reading the session cookie.
+ Note that some ISPs dynamically changes the IP, so if you want a non-expiring session you
+ will likely set this to FALSE.
+**sess_time_to_update** 300 Time in seconds (integer) This option controls how often the session class will regenerate itself and create a new
+ session ID. Setting it to 0 will disable session ID regeneration.
+**sess_regenerate_destroy** FALSE TRUE/FALSE (boolean) Whether to destroy session data associated with the old session ID when auto-regenerating
+ the session ID. When set to FALSE, the data will be later deleted by the garbage collector.
+============================ =============== ======================================== ============================================================================================
.. note:: As a last resort, the Session library will try to fetch PHP's
session related INI settings, as well as legacy CI settings such as