When I regenerate my session ID, my app is using the old session file instead of the newly generated one (therefore I am unable to see the $_SESSION['user_id'] that was saved to the new file), why is this?
so how is it legal to put code out there without a licence? thinking wordpress etc . i ve built an app,,, its terrible code so now iam going back over it with laravel etc..but i could have shipped it and no one would have stopped me...
I'm not sure what you mean - both WordPress and Laravel have licences (wordpress.org/about/license/, laravel-guide.readthedocs.io/en/latest/license/) - as for shipping code, you can ship whatever you like, and apply whatever licence you like to it (e.g. choosealicense.com/)
@@cd78 Yes, that's probably a good idea, to regenerate the session ID whenever the login state changes, although it's less important as you're logging out as opposed to logging in.
I'm not familiar with the internals of WordPress, but I suspect it already does this when you use the WordPress login features. If you're creating a plugin that does authentication, then it's just PHP, so you can use the techniques shown in the video.