I don't understand why session_regenerate_id is dangerous with low connection?
I'm working on the security of my website and I would like to understand why session_regenerate_id should be used carefully.
In the PHP manual doc (https://www.php.net/manual/fr/function.session-regenerate-id.php) they say:
Currently, session_regenerate_id does not handle an unstable network well, e.g. Mobile and WiFi network. Therefore, you may experience a lost session by calling session_regenerate_id.
You should not destroy old session data immediately, but should use destroy time-stamp and control access to old session ID. Otherwise, concurrent access to page may result in inconsistent state, or you may have lost session, or it may cause client(browser) side race condition and may create many session ID needlessly. Immediate session data deletion disables session hijack attack detection and prevention also.
I don't understand why this function could implies lost connections.
We send a request to the server, it changes the SID (inits $_SESSION with the old values and creates a file at the save_file location) so it can send a cookie to the client.
Can anybody explain to me where we can have a lost session?
I am really confused by that, but I would like to understand this problem in order to fix it...
In advance, thanks all :D
php session session-hijacking
migrated from superuser.com 4 hours ago
This question came from our site for computer enthusiasts and power users.
Welcome to Super User. I don't understand the statement, "...why this function could implies lost connections." The word implies seems incorrect for the context.
– Twisty Impersonator
7 hours ago
Thanks ;) "implies" is perhaps not a good word, I just want to know why a bad connection and the use of the function session_regenerate_id() could "imply/bring" a loss of session connection, like it is said in the text above (sorry for my "english" ^^)
– Maximilien Faure
6 hours ago
Let's start by stating that PHP's built in session mechanism is so-so. All good and popular frameworks implement their own, much more advanced session mechanisms. Related to the question - if you call that function (assuming request reached the server), PHP alters the session identifier. It tries to send updated data back to client. Since it's wifi or mobile connection, it can break (they break often). Server now has updated data, while the client browser doesn't (request lost due to unstable connection). Client browser delivers old data on refresh, but session is now gone. Result: lost info.
– Mjh
4 hours ago
Ah, I see. Perhaps the words you're looking for are result in, as in, "I don't understand why this function could result in lost connections."
– Twisty Impersonator
4 hours ago
asked 9 hours ago by Maximilien Faure
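The lost-response case from Mjh's comment, handled with the "destroy time-stamp" approach the quoted manual text recommends, as an added example (not code from the question, the comments or the PHP manual). The function names, the `retired_at` and `successor` keys and the 60-second `GRACE_SECONDS` window are assumptions.

```php
<?php
declare(strict_types=1);

const GRACE_SECONDS = 60; // assumed window for a client that missed the new cookie

/** Hypothetical replacement for a bare session_regenerate_id(true). */
function regenerate_with_grace(): void
{
    $data  = $_SESSION;              // payload to carry over to the new ID
    $newId = session_create_id();    // PHP >= 7.1

    // Retire the old record instead of deleting it: keep only a timestamp
    // and a pointer to its successor, no login state.
    $_SESSION = ['retired_at' => time(), 'successor' => $newId];
    session_write_close();

    // Strict mode would reject an ID that has no stored data yet. This
    // ini_set() lasts for the current request only.
    ini_set('session.use_strict_mode', '0');
    session_id($newId);
    session_start();                 // emits Set-Cookie with the new ID
    $_SESSION = $data;
}

/** Hypothetical replacement for a bare session_start(). */
function start_with_grace(): void
{
    session_start();
    if (!isset($_SESSION['retired_at'])) {
        return;                      // live session, nothing to do
    }

    $age       = time() - (int) $_SESSION['retired_at'];
    $successor = $_SESSION['successor'] ?? null;

    if ($successor === null || $age > GRACE_SECONDS) {
        // A retired ID presented late: stale client or stolen ID. Log it,
        // drop the record and continue as an anonymous visitor.
        error_log('retired session ID used after grace window');
        session_destroy();
        session_id(session_create_id());
        session_start();
        return;
    }

    // Inside the window the likely cause is a lost response: move the
    // client to the successor, which re-sends the cookie.
    session_write_close();
    session_id($successor);
    session_start();
}
```

Call `start_with_grace()` at the top of each request and `regenerate_with_grace()` after login or any privilege change; a shorter window narrows the time a captured old ID is still forwarded to its successor.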