Welcome Guest, Not a member yet? Register   Sign In
CodeIgniter Forums Archived Discussions Archived Libraries & Helpers CI Session -> can't regenerate id??
CI Session -> can't regenerate id??
  • El Forum
    Guest
  •  
#1
04-28-2010, 05:20 AM

[eluser]arbme666[/eluser]
Hi,

Just wanted to know if there was a regenerate session id function to update the id say when the users permissions change?

I cant seem to find it and if its not built in...why not?

Many thanks
  • El Forum
    Guest
  •  
#2
04-28-2010, 06:32 AM

[eluser]n0xie[/eluser]
It automatically regenerates the session id every x seconds, which you can set in your config.
  • El Forum
    Guest
  •  
#3
04-28-2010, 09:20 AM

[eluser]arbme666[/eluser]
Thanks for the reply.

I just created a new function within Session.php which is just the same as sess_update() but with the following removed from the top and the function renamed to regenerate_id().

Code:
// We only update the session every five minutes by default
if (($this->userdata['last_activity'] + $this->sess_time_to_update) >= $this->now)
{
return;
}

This will regenerate the session id and update users_activity and keep the users data. Just call it by $this->session->regenerate_id();

Hope this helps anyone who wants a new session id when changing sensitive data like login status etc.
  • El Forum
    Guest
  •  
#4
05-26-2012, 11:07 PM

[eluser]Unknown[/eluser]
You can extend the session library by creating a new file MY_Session.php under application/library folder and exending the CI_Session class. Then define your new functions in MY_Session.php.
Here is the code of application/MY_Session.php
Code:
<?php
class MY_Session extends CI_Session
{
public function __construct()
    {
        parent::__construct();
    }
function regenerate_id()
    {
        // We only update the session every five minutes by default
        /*if (($this->userdata['last_activity'] + $this->sess_time_to_update) >= $this->now)
        {
            return;
        }*/
  
        // Save the old session id so we know which record to
        // update in the database if we need it
        $old_sessid = $this->userdata['session_id'];
        $new_sessid = '';
        while (strlen($new_sessid) < 32)
        {
            $new_sessid .= mt_rand(0, mt_getrandmax());
        }

        // To make the session ID even more secure we'll combine it with the user's IP
        $new_sessid .= $this->CI->input->ip_address();

        // Turn it into a hash
        $new_sessid = md5(uniqid($new_sessid, TRUE));

        // Update the session data in the session data array
        $this->userdata['session_id'] = $new_sessid;
        $this->userdata['last_activity'] = $this->now;

        // _set_cookie() will handle this for us if we aren't using database sessions
        // by pushing all userdata to the cookie.
        $cookie_data = NULL;

        // Update the session ID and last_activity field in the DB if needed
        if ($this->sess_use_database === TRUE)
        {
            // set cookie explicitly to only have our session data
            $cookie_data = array();
            foreach (array('session_id','ip_address','user_agent','last_activity') as $val)
            {
                $cookie_data[$val] = $this->userdata[$val];
            }

            $this->CI->db->query($this->CI->db->update_string($this->sess_table_name, array('last_activity' => $this->now, 'session_id' => $new_sessid), array('session_id' => $old_sessid)));
        }

        // Write the cookie
        $this->_set_cookie($cookie_data);
    }
}

Call the function through the normal session object like:
Code:
$this->session->regenerate_id();

Thanks,
Technowebsol
  • El Forum
    Guest
  •  
#5
05-27-2012, 11:20 AM

[eluser]InsiteFX[/eluser]
Why are you guys posting to a 2 year old post?




Theme © iAndrew 2016 - Forum software by © MyBB