Piwik_Session::regenerateId destroys the session #2277
Labels
Bug
For errors / faults / flaws / inconsistencies etc.
Major
Indicates the severity or impact or benefit of an issue is much higher than normal but not critical.
worksforme
The issue cannot be reproduced and things work as intended.
Milestone
The method Zend_Session::regenerateId actually destroys the session, unlike the PHP native session_regenerate_id which optionally keeps the session data.
Because Piwik_Session is inherited from Zend_Session, Piwik_Session::regenerateId clears out session vars, affecting a previously open session by other application (given that same cookie name is used in Piwik and there, to share login and allow users to login just one time for all apps)
According to Zend documentations,
http://framework.zend.com/manual/en/zend.session.global_session_management.html
"If a user has successfully logged into your website, use rememberMe() instead of regenerateId()."
This way it doesn't hurt other applications' session.
File: [plugins/Login/Login.php]
Class: Piwik_Login
Method: Piwik_Session::regenerateId();
Line: #138
The text was updated successfully, but these errors were encountered: