Session ID regeneration

[sagikazarmark]

Based on time or request count, session ID should be regenerated from time to time. This would be a nice addition to this middleware.

[oscarotero]

I'm not sure about this. It seems a good addition, but I'm afraid to add too much logic in the middleware.

[ghost]

@oscarotero i have forked this project and implemented this feature, are you looking to implement this feature and if so i can add in additional tests and documentation for this and PR.

[oscarotero]

@sephedo Thanks for your work. I'll happily merge your PR, but I'd like to suggest some changes: instead having two methods to configure the id regeneration based in the expire time, I'd create just one method with the following signature:

public function regenerateId(int $lifetime, string $lifetimeKey = 'session-lifetime'): self

This prevent confusing cases like configuring the key used to save the expire time but not the seconds of the lifetime. Now the whole functionality is configured in one place.

I'd also recommend to change the method name to a more descriptive option. lifetime seems to be the lifetime of the session, instead the lifetime of the id, so people can think that when the lifetime is reached, the session will be invalid. I used regenerateId in the example, but other possible names could be idLifetime(). Any other suggestion is welcome.

Anyway, we can discuss these things in the PR.
Thanks

[oscarotero]

v1.10 released including this change.

[sagikazarmark]

Wow, this was fast. Awesome!