-
Notifications
You must be signed in to change notification settings - Fork 861
Expand file tree
/
Copy pathsession-create-id.xml
More file actions
151 lines (143 loc) · 4.47 KB
/
session-create-id.xml
File metadata and controls
151 lines (143 loc) · 4.47 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
<?xml version="1.0" encoding="utf-8"?>
<!-- $Revision$ -->
<refentry xml:id="function.session-create-id" xmlns="http://docbook.org/ns/docbook">
<refnamediv>
<refname>session_create_id</refname>
<refpurpose>Create new session id</refpurpose>
</refnamediv>
<refsect1 role="description">
&reftitle.description;
<methodsynopsis>
<type class="union"><type>string</type><type>false</type></type><methodname>session_create_id</methodname>
<methodparam choice="opt"><type>string</type><parameter>prefix</parameter><initializer>""</initializer></methodparam>
</methodsynopsis>
<para>
<function>session_create_id</function> is used to create new
session id for the current session. It returns collision free
session id.
</para>
<para>
If session is not active, collision check is omitted.
</para>
<para>
Session ID is created according to php.ini settings.
</para>
<para>
It is important to use the same user ID of your web server for GC
task script. Otherwise, you may have permission problems especially
with files save handler.
</para>
</refsect1>
<refsect1 role="parameters">
&reftitle.parameters;
<para>
<variablelist>
<varlistentry>
<term><parameter>prefix</parameter></term>
<listitem>
<para>
If <parameter>prefix</parameter> is specified, new session id
is prefixed by <parameter>prefix</parameter>. Not all
characters are allowed within the session id. Characters in
the range <literal>[a-zA-Z0-9,-]</literal> are allowed. Maximum length is 256 characters.
</para>
</listitem>
</varlistentry>
</variablelist>
</para>
</refsect1>
<refsect1 role="returnvalues">
&reftitle.returnvalues;
<para>
<function>session_create_id</function> returns new collision free
session id for the current session. If it is used without active
session, it omits collision check.
On failure, &false; is returned.
</para>
</refsect1>
<refsect1 role="examples">
&reftitle.examples;
<para>
<example>
<title><function>session_create_id</function> example with <function>session_regenerate_id</function></title>
<programlisting role="php">
<![CDATA[
<?php
// My session start function support timestamp management
function my_session_start() {
session_start();
// Do not allow to use too old session ID
if (!empty($_SESSION['deleted_time']) && $_SESSION['deleted_time'] < time() - 180) {
session_destroy();
session_start();
}
}
// My session regenerate id function
function my_session_regenerate_id() {
// Call session_create_id() while session is active to
// make sure collision free.
if (session_status() != PHP_SESSION_ACTIVE) {
session_start();
}
// WARNING: Never use confidential strings for prefix!
$newid = session_create_id('myprefix-');
// Set deleted timestamp. Session data must not be deleted immediately for reasons.
$_SESSION['deleted_time'] = time();
// Finish session
session_commit();
// Make sure to accept user defined session ID
// NOTE: You must enable use_strict_mode for normal operations.
ini_set('session.use_strict_mode', 0);
// Set new custom session ID
session_id($newid);
// Start with custom session ID
session_start();
}
// Make sure use_strict_mode is enabled.
// use_strict_mode is mandatory for security reasons.
ini_set('session.use_strict_mode', 1);
my_session_start();
// Session ID must be regenerated when
// - User logged in
// - User logged out
// - Certain period has passed
my_session_regenerate_id();
// Write useful codes
?>
]]>
</programlisting>
</example>
</para>
</refsect1>
<refsect1 role="seealso">
&reftitle.seealso;
<para>
<simplelist>
<member><function>session_regenerate_id</function></member>
<member><function>session_start</function></member>
<member><link linkend="ini.session.use-strict-mode">session.use_strict_mode</link></member>
<member><methodname>SessionHandler::create_sid</methodname></member>
</simplelist>
</para>
</refsect1>
</refentry>
<!-- Keep this comment at the end of the file
Local variables:
mode: sgml
sgml-omittag:t
sgml-shorttag:t
sgml-minimize-attributes:nil
sgml-always-quote-attributes:t
sgml-indent-step:1
sgml-indent-data:t
indent-tabs-mode:nil
sgml-parent-document:nil
sgml-default-dtd-file:"~/.phpdoc/manual.ced"
sgml-exposed-tags:nil
sgml-local-catalogs:nil
sgml-local-ecat-files:nil
End:
vim600: syn=xml fen fdm=syntax fdl=2 si
vim: et tw=78 syn=sgml
vi: ts=1 sw=1
-->