0

I am running PHP 7.2 and need to regenerate and set the desired id for an already active session as follows...

session_start();        // the session is activated
...
...
$newSessionID = session_create_id();
...
...
if ($someConditionIsSatisfied) {
  session_regenerate_id($newSessionID);
}

The problem: session_regenerate_id() auto-creates a new session id but doesn't have the ability to take a specific session ID as input.

...so I'm stumped as to how to regenerate a session having "my desired id".

Does anyone know how I might achieve the above in PHP?

Pancho
  • 2,043
  • 24
  • 39

1 Answers1

0

You'd have to set the session_id before you start the session.

session_id('my_session_id');
session_start();

Your question has already been answered here: How to get/set session_id() or should it be generated automatically?

Maximilian
  • 463
  • 5
  • 16
  • thanks actually I'm aware of this, but the problem is that session_start() has been run way earlier in the process. I need it for "an already active session" (session_regenerate_id() works perfectly for an active session ...you just can't give it an id) [will edit my question to clarify] – Pancho Jan 31 '19 at 19:51
  • Yeah, I misunderstood the question, sorry about that. If I've understood, you want to take control of an already existing session and access that sessions data? If that is the case, I'm sorry to disappoint you. Sessions are isolated and you can't (to my knowledge) access one outside of that session. However, you could just write the session data ($_SESSION) to either disk or database with the corresponding session id. You could then "rebuild" the session with your desired session id anew. – Maximilian Jan 31 '19 at 20:19
  • thanks again! I'm looking for a hybrid of session_id('my session id') and session_regenerate_id(). I'm not trying to do anything clever ...I don't think :) - simply regenerate my existing session with the id of my choosing if/when I need to. The idea being to apply slightly more complicated prepare, then choose whether or not to apply logic ...very tricky to explain in detail with limited characters available! :( – Pancho Jan 31 '19 at 20:40
  • Ah, I understand.. I hope you're able to find a solution, sorry I wasn't able to help! – Maximilian Jan 31 '19 at 21:24
  • thanks again! so do I, I'm struggling with understanding why given that I can create a session with an id of my choosing, I can't regenerate a current one with an id of my choosing in the same way. Use case: I send the new session id to the database but if there is failure on the DB, the DB won't be updated in which case $someConditionIsSatisfied would be "false" and I don't want to apply the new session id. It's really doing session_generate_id() but in 2 separate steps, 1 pre db and 2 post db. (i can't destroy and recreate because of session_set_save_handler implications) – Pancho Jan 31 '19 at 21:34
  • This wouldn't work, right? `session_start(); $oldSessionId = session_id(); $oldSessionData = $_SESSION; session_regenerate_id(); $newSessionId = session_id(); /* Do magic */ if ($someConditionIsSatisfied) { /* Keep new session */ } { /* Destroy session and load old values by creating "new" session with old values */ }`If that doesn't work, I found this: https://www.tutorialspoint.com/php/php_sessions.htm – Maximilian Jan 31 '19 at 21:52
  • The basic problem is that "once session_regenerate_id has been run, it's done. There's no turning back. if the subsequent update of the db with the new id fails (there is a lot of potential for this) then the PHP session id is out of sync with the DB copy ...and I'm in trouble. Happily I'm not dead in the water as I have a workaround via an autonomous db transaction to ensure the id update isn't affected by other anticipated errors - I just don't particularly like the solution. My hope someone on the PHP team sees this and goes - hmm could be useful to add this - but I won't hold my breathe :) – Pancho Jan 31 '19 at 22:05