Reputation: 6750
Session Regeneration
I have some confusion with session handling in PHP. I know how to regenerate new session ID in PHP using session_regenerate_id();, but I don't understand why and when I should regenerate a new session ID.
I have been googling for some time without avail. No one explains why I need to regenerate a new session ID.
Can someone explain why and when I would need to regenerate a new session ID?
Upvotes: 3
Views: 1422
Answers (2)
Reputation: 165271
The reason that regenerating sessions is seen as good, is that it tries to prevent session fixation (or at least limit the damage).
Upvotes: 4
Reputation: 45062
Depends on your situation. Most of the time you shouldn't need to regenerate the ID
All you will need is session_start at the top of you pages.
I Would recommend reading the manual on sessions http://www.php.net/manual/en/book.session.php
Upvotes: 1