Renaming sessions

zatow

I have an application where sessions are used to track an authenticated admin user. The session name is derived from a variable the user can change via a Web form. I need to provide a way for the user to submit the form with a new value, and if the new value passes error checking, the session is renamed. I've tried multiple combinations of session_name(), session_start(), session_destroy(), but to no avail. In each case, the user is forced to reauthenticate which I'm trying to avoid.

Is there any way to accomplish a simple session renaming?

devinemke

[man]session_name[/man] does get/set the session's name. i'm confused as to why you would want to change the session name. what exactly are you trying to accomplish?

zatow

However session_name() apparently cannot be called again after session_start().

Here's the scenario; let's say the original derived value for the session name is SESSION1.

User fills out sign in form and posts it:
// sign-in ok; start session
- session_name() = SESSION1
- session_start()
- $_SESSION['auth'] = 1
// show page with link

User clicks link to visit the page where he can make changes:
// verify auth
- session_name() = SESSION1
- sesssion_start()
- if ! $_SESSION['auth'] == 1, force sign-in again
// show page with form

User changes the value that session names are based on to "2" and submits the form
// verify auth
- session_name() = SESSION1
- session_start()
- if ! $_SESSION['auth'] == 1, force sign-in again
// scripts checks for errors and if none found:
// session_name() should be set to SESSION2
// but session_name() cannot be called again?

devinemke

why are letting the user change the session name? what is the point of this?

zatow

Multiple versions of an application may run on the same server; the session name is based on a unique identifier set by the admin, and may be changed at any time, meaning the session name should also be updated.