From e5364130a0ed2a8e1d974090279d37ec66bef96e Mon Sep 17 00:00:00 2001
From: Yasuo Ohgaki <yohgaki@php.net>
Date: Wed, 31 Aug 2016 07:44:57 +0000
Subject: [PATCH] Add session_create_id() manual

git-svn-id: https://svn.php.net/repository/phpdoc/en/trunk@339956 c90b9560-bf6c-de11-be94-00142212c4b1
---
 .../session/functions/session-create-id.xml   | 151 ++++++++++++++++++
 1 file changed, 151 insertions(+)
 create mode 100644 reference/session/functions/session-create-id.xml

diff --git a/reference/session/functions/session-create-id.xml b/reference/session/functions/session-create-id.xml
new file mode 100644
index 0000000000..ea4957d520
--- /dev/null
+++ b/reference/session/functions/session-create-id.xml
@@ -0,0 +1,151 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!-- $Revision: 334621 $ -->
+<refentry xmlns="http://docbook.org/ns/docbook" xml:id="function.session-create-id">
+ <refnamediv>
+  <refname>session_create_id</refname>
+  <refpurpose>Create new session id</refpurpose>
+ </refnamediv>
+ <refsect1 role="description">
+  &reftitle.description;
+  <methodsynopsis>
+   <type>string</type><methodname>session_create_id</methodname>
+   <methodparam choice="opt"><type>string</type><parameter>prefix</parameter></methodparam>
+  </methodsynopsis>
+  <para>
+   <function>session_create_id</function> is used to create new
+   session id for the current session. It returns collision free
+   session id.
+  </para>
+  <para>
+   If session is not active, collision check is omitted.
+  </para>
+  <para>
+   Session ID is created according to php.ini settings.
+  </para>
+  <para>
+   It is important to use the same user ID of your web server for GC
+   task script. Otherwise, you may have permission problems especially
+   with files save handler.
+  </para>
+ </refsect1>
+
+ <refsect1 role="parameters">
+  &reftitle.parameters;
+  <para>
+   <variablelist>
+    <varlistentry>
+     <term><parameter>prefix</parameter></term>
+      <listitem>
+       <para>
+        If <parameter>prefix</parameter> is specified, new session id
+        is prefixed by <parameter>prefix</parameter>. Not all
+        characters are allowed within the session id.  Characters in
+        the range <literal>a-z A-Z 0-9 , (comma) and -
+        (minus)</literal> are allowed.
+       </para> 
+      </listitem>
+     </varlistentry>
+   </variablelist>
+  </para>
+ </refsect1>
+
+ <refsect1 role="returnvalues">
+  &reftitle.returnvalues;
+  <para>
+   <function>session_create_id</function> returns new collision free
+   session id for the current session. If it is used without active
+   session, it omits collision check.
+  </para>
+ </refsect1>
+
+ <refsect1 role="examples">
+  &reftitle.examples;
+  <para>
+   <example>
+    <title><function>session_create_id</function> example with <function>session_regenerate_id</function></title>
+    <programlisting role="php">
+<![CDATA[
+<?php
+// My session start function support timestamp management
+function my_session_start() {
+    session_start();
+    // Do not allow to use too old session ID
+    if (!empty($_SESSION['deleted_time']) && $_SESSION['deleted_time'] < time() - 180) {
+        session_destroy();
+        session_start();
+    }
+}
+
+// My session regenerate id function
+function my_session_regenerate_id() {
+    // Call session_create_id() while session is active to 
+    // make sure collision free.
+    if (session_status() != PHP_SESSION_ACTIVE) {
+        session_start();
+    }
+    // WARNING: Never use confidential strings for prefix!
+    $newid = session_create_id('myprefix-');
+    // Set deleted timestamp. Session data must not be deleted immediately for reasons.
+    $_SESSION['deleted_time'] = time();
+    // Finish session
+    session_commit();
+    // Make sure to accept user defined session ID
+    // NOTE: You must enable use_strict_mode for normal operations.
+    ini_set('session.use_strict_mode', 0);
+    // Set new custome session ID
+    session_id($newid);
+    // Start with custome session ID
+    session_start();
+}
+
+// Make sure use_strict_mode is enabled.
+// use_strict_mode is mandatory for security reasons.
+ini_set('session.use_strict_mode', 1);
+my_session_start();
+
+// Session ID must be regenerated when
+//  - User logged in
+//  - User logged out
+//  - Certain period has passed
+my_session_regenerate_id();
+
+// Write useful codes
+?>
+]]>
+    </programlisting>
+   </example>
+  </para>
+ </refsect1>
+
+ <refsect1 role="seealso">
+  &reftitle.seealso;
+  <para>
+   <simplelist>
+    <member><function>session_regenerate_id</function></member>
+    <member><function>session_start</function></member>
+   </simplelist>
+  </para>
+ </refsect1>
+</refentry>
+
+
+<!-- Keep this comment at the end of the file
+Local variables:
+mode: sgml
+sgml-omittag:t
+sgml-shorttag:t
+sgml-minimize-attributes:nil
+sgml-always-quote-attributes:t
+sgml-indent-step:1
+sgml-indent-data:t
+indent-tabs-mode:nil
+sgml-parent-document:nil
+sgml-default-dtd-file:"~/.phpdoc/manual.ced"
+sgml-exposed-tags:nil
+sgml-local-catalogs:nil
+sgml-local-ecat-files:nil
+End:
+vim600: syn=xml fen fdm=syntax fdl=2 si
+vim: et tw=78 syn=sgml
+vi: ts=1 sw=1
+-->