|
@@ -308,24 +308,13 @@ class Zend_Session extends Zend_Session_Abstract
|
|
|
"() before any output has been sent to the browser; output started in {$filename}/{$linenum}");
|
|
"() before any output has been sent to the browser; output started in {$filename}/{$linenum}");
|
|
|
}
|
|
}
|
|
|
|
|
|
|
|
- if (self::$_sessionStarted && self::$_regenerateIdState <= 0) {
|
|
|
|
|
|
|
+ if ( !self::$_sessionStarted ) {
|
|
|
|
|
+ self::$_regenerateIdState = -1;
|
|
|
|
|
+ } else {
|
|
|
if (!self::$_unitTestEnabled) {
|
|
if (!self::$_unitTestEnabled) {
|
|
|
session_regenerate_id(true);
|
|
session_regenerate_id(true);
|
|
|
}
|
|
}
|
|
|
self::$_regenerateIdState = 1;
|
|
self::$_regenerateIdState = 1;
|
|
|
- } else {
|
|
|
|
|
- /**
|
|
|
|
|
- * @todo If we can detect that this requester had no session previously,
|
|
|
|
|
- * then why regenerate the id before the session has started?
|
|
|
|
|
- * Feedback wanted for:
|
|
|
|
|
- //
|
|
|
|
|
- if (isset($_COOKIE[session_name()]) || (!use only cookies && isset($_REQUEST[session_name()]))) {
|
|
|
|
|
- self::$_regenerateIdState = 1;
|
|
|
|
|
- } else {
|
|
|
|
|
- self::$_regenerateIdState = -1;
|
|
|
|
|
- }
|
|
|
|
|
- //*/
|
|
|
|
|
- self::$_regenerateIdState = -1;
|
|
|
|
|
}
|
|
}
|
|
|
}
|
|
}
|
|
|
|
|
|
matthew