Im reading session_regenerate_id() and also the warning. Unfortunately it is not very clear on the workings and user experience.
What is against regenerating the session id and why is this specific a problem for mobile applications?
My Answer:
Regenerating the session id can cause some potential problems, especially for mobile applications. Some of the issues that can arise include:
1. Loss of session data: When the session id is regenerated, the old session data may be lost. This can lead to a poor user experience as the user may have to re-enter information or re-authenticate themselves.
2. Session fixation attacks: Regenerating the session id can potentially open up the application to session fixation attacks, where an attacker can fixate a session id and hijack the user's session.
3. Performance impact: Regenerating the session id can also have a performance impact, as it requires additional processing and resources to generate a new id and update the session data.
In the case of mobile applications, regenerating the session id can be particularly problematic due to the limitations of mobile devices, such as slower processing speeds and limited network connectivity. This can result in a slower and less responsive user experience when regenerating the session id.
Overall, while regenerating the session id can be a useful security measure to prevent session hijacking, it should be implemented carefully to avoid potential issues and ensure a smooth user experience, especially in the case of mobile applications.
Rate this post
4 of 5 based on 2734 votesComments