// Drupal will always destroy the existing session when regenerating a
// session. This is inline with the recommendations of @link https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#renew-the-session-id-after-any-privilege-level-change
// OWASP session management cheat sheet. @endlink
$destroy = TRUE;
// Cannot regenerate the session ID for non-active sessions.
if (\PHP_SESSION_ACTIVE !==
session_status()) { // Ensure the metadata bag has been stamped. If the parent::regenerate()
// is called prior to the session being started it will not refresh the
// metadata as expected.
$this->
getMetadataBag()->
stampNew($lifetime);
return FALSE;
} return parent::
regenerate($destroy,
$lifetime);
} /**
* {@inheritdoc}
*/
public function delete($uid) { // Nothing to do if we are not allowed to change the session.