reference/session/functions/session-regenerate-id.xml
b9c73a59a824b8e763899ad93ee4b218b28ab0fa
b9c73a59a824b8e763899ad93ee4b218b28ab0fa
...
...
@@ -33,7 +33,7 @@
33
33
You should not destroy old session data immediately, but should use
34
34
destroy time-stamp and control access to old session ID. Otherwise,
35
35
concurrent access to page may result in inconsistent state, or you
36
-
may have lost session, or it may cause client(browser) side race
36
+
may have lost session, or it may cause client (browser) side race
37
37
condition and may create many session ID needlessly. Immediate
38
38
session data deletion disables session hijack attack detection
39
39
and prevention also.
...
...
@@ -91,7 +91,7 @@ if (isset($_SESSION['destroyed'])
91
91
$old_sessionid = session_id();
92
92
93
93
// Set destroyed timestamp
94
-
$_SESSION['destroyed'] = time(); // Since PHP 7.0.0 and up, session_regenerate_id() saves old session data
94
+
$_SESSION['destroyed'] = time(); // session_regenerate_id() saves old session data
95
95
96
96
// Simply calling session_regenerate_id() may result in lost session, etc.
97
97
// See next example.
98
98