How does session_regenerate_id() contribute to preventing session fixation in PHP?
Session fixation is a security vulnerability in which an attacker sets a user's session ID before the user logs in; once the user authenticates under that ID, the attacker, who already knows it, can hijack the session. To prevent this in PHP, call session_regenerate_id() after a successful login so the user gets a new session ID. Passing true as the argument also deletes the old session's data, so any previously set session ID is invalidated, which makes it harder for attackers to fixate a session.
session_start();
// Perform user authentication here, setting $authenticated (bool) and $user_id
if ($authenticated) {
    session_regenerate_id(true); // Generate a new session ID and delete the old session's data
    $_SESSION['user_id'] = $user_id; // Store user ID in session
}
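
The effect described above can be observed from the PHP command line. This is an added example, not part of the original answer: the user store, the fixed ID value and the login() helper are constructed for illustration, and it assumes the default file-based session handler with a writable temp directory.

```php
<?php
// Added example for the PHP CLI. All names and values are constructed.
ini_set('session.use_cookies', '0');     // CLI run: no cookie transport
ini_set('session.use_strict_mode', '0'); // strict mode off (PHP's default): an unknown ID is accepted
ini_set('session.save_path', sys_get_temp_dir());

// Constructed user store for the demo.
$users = ['alice' => ['id' => 42, 'hash' => password_hash('correct horse', PASSWORD_DEFAULT)]];

function login(array $users, string $name, string $password): bool
{
    $user = $users[$name] ?? null;
    if ($user === null || !password_verify($password, $user['hash'])) {
        return false;
    }
    session_regenerate_id(true);         // new ID; the old session's data is deleted
    $_SESSION['user_id'] = $user['id'];
    return true;
}

// 1. The session starts under an ID that a third party already knows.
$fixedId = 'fixedid0123456789abcdef';
session_id($fixedId);
session_start();
$_SESSION['cart'] = ['book'];            // anonymous pre-login state

// 2. The user logs in; the session moves to a fresh ID.
$loggedIn = login($users, 'alice', 'correct horse');
$newId = session_id();
$carried = $_SESSION;                    // pre-login data survives the regeneration
session_write_close();

// 3. Reopening the old ID yields an empty session, not the authenticated one.
session_id($fixedId);
session_start();
$underOldId = $_SESSION;
session_destroy();

// 4. Remove the demo's authenticated session as well.
session_id($newId);
session_start();
session_destroy();

printf("login ok: %s\n", var_export($loggedIn, true));
printf("ID changed: %s\n", var_export($newId !== $fixedId, true));
printf("new session: %s\n", json_encode($carried));
printf("old ID now holds: %s\n", json_encode($underOldId));
```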