@@ -180,10 +180,21 @@ public function start()
180180 // Need to apply the config options so they can be ready by session_start
181181 $ this initIniOptions ();
182182 $ this registerSaveHandler ();
183+ if (isset ($ _SESSION 'new_session_id ' ])) {
184+ // Not fully expired yet. Could be lost cookie by unstable network.
185+ session_commit ();
186+ session_id ($ _SESSION 'new_session_id ' ]);
187+ }
183188 $ sid$ this sidResolver ->getSid ($ this
184189 // potential custom logic for session id (ex. switching between hosts)
185190 $ this setSessionId ($ sid
186191 session_start ();
192+ if (isset ($ _SESSION 'destroyed ' ])) {
193+ if ($ _SESSION 'destroyed ' ] < time () - 300 ) {
194+ $ this destroy (['clear_storage ' => true ]);
195+
196+ }
197+ }
187198 $ this validator ->validate ($ this
188199 $ this renewCookie ($ sid
189200
@@ -498,7 +509,31 @@ public function regenerateId()
498509 return $ this
499510 }
500511
501- $ this isSessionExists () ? session_regenerate_id (true ) : session_start ();
512+ if ($ this isSessionExists ()) {
513+ //regenerate the session
514+ session_regenerate_id ();
515+ $ new_session_idsession_id ();
516+
517+ $ _SESSION 'new_session_id ' ] = $ new_session_id
518+
519+ // Set destroy timestamp
520+ $ _SESSION 'destroyed ' ] = time ();
521+
522+ // Write and close current session;
523+ session_commit ();
524+ $ oldSession$ _SESSION //called after destroy - see destroy!
525+ // Start session with new session ID
526+ session_id ($ new_session_id
527+ ini_set ('session.use_strict_mode ' , 0 );
528+ session_start ();
529+ ini_set ('session.use_strict_mode ' , 1 );
530+ $ _SESSION $ oldSession
531+ // New session does not need them
532+ unset($ _SESSION 'destroyed ' ]);
533+ unset($ _SESSION 'new_session_id ' ]);
534+ } else {
535+ session_start ();
536+ }
502537 $ this storage ->init (isset ($ _SESSION $ _SESSION
503538
504539 if ($ this sessionConfig ->getUseCookies ()) {
0 commit comments