05-06-2008, 05:45 PM
|
#1 (permalink)
|
|
is cute and cuddly
Join Date: Mar 2008
Location: Vegas, Baby
Posts: 963
Thanks: 31
|
Sessions and security/maintenance
So I'm in the middle of cleaning up my session class and trying to optimize it, and as such I decided to go through the manual some more this morning, focusing on sessions and all related methods. I came across session_regenerate_id(), and now I'm curious.
Does it make sense to make use of this, and how costly is it? The first thought that ran through my head was security. If somebody is trying to hijack a session, via whatever method, if I'm regenerating the ID constantly, this should make it a lot harder, no? I added it to my __construct and so far no buggy behavior with my sessions, and no appreciable increase in execution time.
Also, if anybody has any experience with this method, how comes 'delete_old_session' doesn't work? I would assume this should default to true, as it makes it sound like a mess of old session id's are left around if you don't set it, however it defaults to false according to the manual. So, running PHP 5.2.5, I tried using it, and PHP produces a notice, Use of undefined constant DELETE_OLD_SESSION - assumed 'DELETE_OLD_SESSION' in.... I tried it all in lower and uppercase, both produce a notice.
-m
|
|
|
|
Join the friendly bunch on IRC...
Linear Mode
