It is a security measure to prevent session fixation (and probably
other) attacks.

On Sat, Feb 27, 2010 at 13:29, Daniel Lohse
<annismcken...@googlemail.com> wrote:
> It's correct that the session id gets regenerated. If you have a look at the 
> sfBasicSecurityUser class you'll see that it calls 
> $this->storage->regenerate(false). It doesn't destroy the session (the false 
> parameter indicates this) and the sfSessionStorage class calls PHP's own 
> session_regenerate_id method 
> (http://www.php.net/manual/en/function.session-regenerate-id.php). It keeps 
> the current session data but as to why this function is needed is also a 
> mystery to me... Anyone?
>
> Regards, Daniel
>
> On 27.02.2010, at 13:15, Pino wrote:
>
>> Hi,
>>
>> I noticed that after calling addcredential() in Symfony 1.2.11 my
>> session_id gets regenerated. Is this normal behaviour and why is this?
>>
>> --
>> If you want to report a vulnerability issue on symfony, please send it to 
>> security at symfony-project.com
>>
>> You received this message because you are subscribed to the Google
>> Groups "symfony users" group.
>> To post to this group, send email to symfony-users@googlegroups.com
>> To unsubscribe from this group, send email to
>> symfony-users+unsubscr...@googlegroups.com
>> For more options, visit this group at
>> http://groups.google.com/group/symfony-users?hl=en
>


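Added example, not part of the original thread and not symfony's own code: a minimal PHP sketch of the behaviour discussed above, where the session id is replaced when a credential is granted while the session data is kept. `ExampleUser` and the `cart` value are hypothetical names constructed for the illustration; it assumes PHP 7.4 or later run from the command line.

```php
<?php
// Added illustration; ExampleUser is a hypothetical class, not sfBasicSecurityUser.
declare(strict_types=1);

final class ExampleUser
{
    public function __construct()
    {
        if (session_status() !== PHP_SESSION_ACTIVE) {
            session_start();
        }
        $_SESSION['credentials'] ??= [];
    }

    public function addCredential(string $credential): void
    {
        if (in_array($credential, $_SESSION['credentials'], true)) {
            return; // no privilege change, so no new id is needed
        }
        $_SESSION['credentials'][] = $credential;
        // The privilege level changed, so issue a fresh id: an id that was
        // known (or planted) before the change no longer names this session.
        // Passing false leaves the old session entry in storage instead of
        // deleting it, as in the regenerate(false) call quoted in the thread.
        session_regenerate_id(false);
    }

    public function hasCredential(string $credential): bool
    {
        return in_array($credential, $_SESSION['credentials'], true);
    }
}

$user = new ExampleUser();
$_SESSION['cart'] = ['constructed-item']; // constructed sample data
$idBefore = session_id();                 // id in use before the credential is granted
$user->addCredential('admin');
$idAfter = session_id();

// Output is deferred to the end so no headers are sent before the id changes.
printf("id changed:     %s\n", $idBefore !== $idAfter ? 'yes' : 'no');
printf("data preserved: %s\n", $_SESSION['cart'] === ['constructed-item'] ? 'yes' : 'no');
printf("has credential: %s\n", $user->hasCredential('admin') ? 'yes' : 'no');
```

With `false` the old id's storage entry stays in place until it is garbage-collected; pass `true` where the old id must stop working immediately.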