When calling session_start() for the first time, a new session will be generated. Later,

Question

0

Asked: May 30, 20262026-05-30T09:29:27+00:00 2026-05-30T09:29:27+00:00

When calling session_start() for the first time, a new session will be generated. Later,

0

When calling session_start() for the first time, a new session will be generated. Later, when session_start is called again, the session will be resumed using the session id in the cookie (or from GET/POST request if session.use_trans_sid is turned on on the server) sent by the client.

For enhanced security, a new session id can be re-generated for the user from time to time, even when he/she has not logout/login again.

Does this behavior happen automatically, meaning that this is the default setting on most web servers? Or it requires manual coding?

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team · Answer 1 · 2026-05-30T09:29:28+00:00

Editorial Team

2026-05-30T09:29:28+00:00Added an answer on May 30, 2026 at 9:29 am

It does not happen automatically.

You have to use session_regenerate_id().

session_regenerate_id() will replace the current session id with a new
one, and keep the current session information.

It is a good practice that you change the session id at least every time the user’s privilege level changes (simplest example being when he logs in).

0

Reply
Share
Share

- Report

Sign Up

Sign In

Forgot Password

The Archive Base Latest Questions

When calling session_start() for the first time, a new session will be generated. Later,

Leave an answerCancel reply

1 Answer

Leave an answer
Cancel reply