stampNew example

if (headers_sent()) {
            return false;
        }

        if (null !== $lifetime && $lifetime != \ini_get('session.cookie_lifetime')) {
            $this->save();
            ini_set('session.cookie_lifetime', $lifetime);
            $this->start();
        }

        if ($destroy) {
            $this->metadataBag->stampNew();
        }

        return session_regenerate_id($destroy);
    }

    /** * @return void */
    public function save()
    {
        // Store a copy so we can restore the bags in case the session was not left empty
$current_user = $this->loggedInUser;
      $this->drupalLogout();
      $this->drupalLogin($current_user);
    }
  }

  /** * {@inheritdoc} */
  protected function drupalLogout() {
    parent::drupalLogout();
    $this->container->get('session_manager.metadata_bag')->stampNew();
  }

}
if (headers_sent()) {
            return false;
        }

        if (null !== $lifetime && $lifetime != \ini_get('session.cookie_lifetime')) {
            $this->save();
            ini_set('session.cookie_lifetime', $lifetime);
            $this->start();
        }

        if ($destroy) {
            $this->metadataBag->stampNew();
        }

        return session_regenerate_id($destroy);
    }

    /** * @return void */
    public function save()
    {
        // Store a copy so we can restore the bags in case the session was not left empty
return $this->meta[static::CSRF_TOKEN_SEED];
    }
  }

  /** * {@inheritdoc} * * phpcs:ignore Drupal.Commenting.FunctionComment.VoidReturn * @return void */
  public function stampNew($lifetime = NULL) {
    parent::stampNew($lifetime);

    // Set the token seed immediately to avoid a race condition between two     // simultaneous requests without a seed.     $this->setCsrfTokenSeed(Crypt::randomBytesBase64());
  }

}

class MetadataBagTest extends UnitTestCase {

  /** * @covers ::stampNew */
  public function testStampNew() {
    $metadata = new MetadataBag(new Settings([]));
    $metadata->setCsrfTokenSeed('a_cryptographically_secure_long_random_string_should_used_here');
    $metadata->stampNew();
    $this->assertNotEquals('a_cryptographically_secure_long_random_string_should_used_here', $metadata->getCsrfTokenSeed());
  }

}
$this->loadSession();

        return true;
    }

    public function regenerate(bool $destroy = false, int $lifetime = null): bool
    {
        if (!$this->started) {
            $this->start();
        }

        $this->metadataBag->stampNew($lifetime);
        $this->id = $this->generateId();

        return true;
    }

    public function getId(): string
    {
        return $this->id;
    }

    /** * @return void */
$this->loadSession();

        return true;
    }

    public function regenerate(bool $destroy = false, int $lifetime = null): bool
    {
        if (!$this->started) {
            $this->start();
        }

        $this->metadataBag->stampNew($lifetime);
        $this->id = $this->generateId();

        return true;
    }

    public function getId(): string
    {
        return $this->id;
    }

    /** * @return void */
// Drupal will always destroy the existing session when regenerating a     // session. This is inline with the recommendations of @link https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#renew-the-session-id-after-any-privilege-level-change     // OWASP session management cheat sheet. @endlink     $destroy = TRUE;

    // Cannot regenerate the session ID for non-active sessions.     if (\PHP_SESSION_ACTIVE !== session_status()) {
      // Ensure the metadata bag has been stamped. If the parent::regenerate()       // is called prior to the session being started it will not refresh the       // metadata as expected.       $this->getMetadataBag()->stampNew($lifetime);
      return FALSE;
    }

    return parent::regenerate($destroy$lifetime);
  }

  /** * {@inheritdoc} */
  public function delete($uid) {
    // Nothing to do if we are not allowed to change the session.
Home | Imprint | This part of the site doesn't use cookies.