PHP script: Regenerate session ID for security
14. Regenerate Session ID to Prevent Fixation
Write a PHP script to regenerate the session ID to prevent session fixation attacks.
Sample Solution:
PHP Code :
<?php
// Set the session save path
session_save_path('i:/custom/');
session_start();
// Regenerate the session ID
session_regenerate_id(true);
echo "Session ID has been regenerated.";
?>
Sample Output:
Session ID has been regenerated.
Explanation:
In the above exercise -
- We start the session using session_start() to initialize the session.
- Call session_regenerate_id(true) to regenerate the session ID. The parameter true indicates that the old session data should be kept while generating a new session ID.
- Finally, we display a message indicating that the session ID has been regenerated.
Flowchart:

For more Practice: Solve these Related Problems:
- Write a PHP script to regenerate the session ID upon user login and verify that the new session ID differs from the old one.
- Write a PHP function to periodically regenerate the session ID and update the session data securely.
- Write a PHP program to implement session fixation protection by regenerating the session ID on key actions and logging the change.
- Write a PHP script to compare old and new session IDs before and after calling session_regenerate_id() in a user workflow.
PHP Code Editor:
Contribute your code and comments through Disqus.
Previous: Limit maximum concurrent sessions to 3.
Next: PHP script: Display last session access time.
What is the difficulty level of this exercise?
Test your Programming skills with w3resource's quiz.