Hello,
im having a bit of trouble with Zend_session and regenerating the id's.
I would expect it to work just a bit different than what we have now with
ZF.
I want to be able to regenerate every session id on request, but there is a
tiny problem:
require('Zend/Session.php');
$xxx = new Zend_Session_Namespace('xxxx');
Zend_Session::regenerateId();
$xxx->counter++;
echo $xxx->counter;
will work ok , untill i start to refresh rapidly the page, then it looses
the seesion.
with native php code it runs fine.
BUT, when using session_regenerate_id(true); in php it will loose it too
(the same way function is used in zend_session), my guess is that old id is
deleted and new is generated and the browser doesnt have enought time to
receive the new cookie with new id, and it looses the session.
without the true flag, session_regenerate_id seems to store the old id too
, so we dont have unlogged user even on fast refresh, it may not seem like a
big issue, but when we are using ajax calls to send heartbeats to server,
and user in same time clicks some link - we end up with unlogged user - not
a thing we would expect IMO.
can the zend_session get changed to use juzt the session_regenerate_id()
instead of session_regenerate_id(true) in next minor revision ?
--
View this message in context:
http://www.nabble.com/concerned-about-regenerating-id-tf4856217s16154.html#a13896143
Sent from the Zend Core mailing list archive at Nabble.com.
|
