I would like to know how to use session_regenerate_id() effectively..
i tried it as:
Code: Select all
session_start();
if(!empty($_SESSION)){
session_regenerate_id(true);
}Hope to have same comments on it.
Thanks in advance
Moderator: General Moderators
Code: Select all
session_start();
if(!empty($_SESSION)){
session_regenerate_id(true);
}Why would it be overkill? The purpose of it is to lessen the chance of you having your session hijacked, done by changing it's id. Why wouldn't you want to do it per-request?scottayy wrote:And, if you did that, the session id would be regenerated on every scripts execution -- which is a bit of overkill.
Because you don't lock your car doors every time you open them - usually just when you leave the car.superdezign wrote: Why would it be overkill? The purpose of it is to lessen the chance of you having your session hijacked, done by changing it's id. Why wouldn't you want to do it per-request?