control session regenerating id by setting a flag

[freax]

Sometimes there is no need to regenerate session id every request or regenerate session id by some condition.
This PR provides to control ability to regeneration session id.
I will add some testcases if you find it useful.

[gianarb]

Hi! Thanks for this PR!
can you try to add a few tests about this new feature?

[samsonasik]

@gianarb tests added by @freax

[gianarb]

👍

[mwillbanks]

I understand the concept here; however, i think it is rather confusing to add this and could lead to a large WTF factor down the road. Think if you toggle that bit in your application and someone needs to fix a bug due to it not regenerating.. they would look at that and wonder what in the world is going on here? I'm calling regenerateId and it is not regenerating.

The session component itself does not force regenerating the id on each request, and therefore you likely have something else that is causing this to happen. The one area that this does happen in is: https://github.com/zendframework/zend-session/blob/master/src/SessionManager.php#L416 where we need to send an updated cookie.

[mwillbanks]

@freax I'm thinking this might be better implemented by handling this more so when setting the setSessionCookieLifetime more so I do believe this would be better implemented by checking for a change as the configuration essentially just sets the parameters. The workflow happens only when calling "rememberMe" or "forgetMe" on the SessionManager. This is the only place that regenerateId is actually forced and a second parameter might be useful.

[Mezzle]

I agree that this would cause a massive WTF factor.