PHP script: Regenerate session ID for security

Last update on April 16 2025 12:53:06 (UTC/GMT +8 hours)

14. Regenerate Session ID to Prevent Fixation

Write a PHP script to regenerate the session ID to prevent session fixation attacks.

Sample Solution:

PHP Code :

<?php
// Set the session save path
session_save_path('i:/custom/');

session_start();

// Regenerate the session ID
session_regenerate_id(true);

echo "Session ID has been regenerated.";

?>

Sample Output:

Session ID has been regenerated.

Explanation:

In the above exercise -

• We start the session using session_start() to initialize the session.
• Call session_regenerate_id(true) to regenerate the session ID. The parameter true indicates that the old session data should be kept while generating a new session ID.
• Finally, we display a message indicating that the session ID has been regenerated.

Flowchart:

For more Practice: Solve these Related Problems:

• Write a PHP script to regenerate the session ID upon user login and verify that the new session ID differs from the old one.
• Write a PHP function to periodically regenerate the session ID and update the session data securely.
• Write a PHP program to implement session fixation protection by regenerating the session ID on key actions and logging the change.
• Write a PHP script to compare old and new session IDs before and after calling session_regenerate_id() in a user workflow.

PHP Code Editor:

Click to Open Editor

Contribute your code and comments through Disqus.

Previous: Limit maximum concurrent sessions to 3.
Next: PHP script: Display last session access time.